905977 matches found
BIT-GITLAB-2024-4472 Insertion of Sensitive Information into Log File in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs...
GHSA-W3H3-4RJ7-4PH4 Request smuggling leading to endpoint restriction bypass in Gunicorn
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...
BIT-APACHE-2021-39275 ap_escape_quotes buffer overflow
apescapequotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier...
OSV-2022-785 Heap-buffer-overflow in resize_packet
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50617 Crash type: Heap-buffer-overflow WRITE Crash state: resizepacket FuzzResizePacket fuzzrfc1035.c...
DSA-5162-1 containerd - security update
Bulletin has no description...
DSA-4942-1 systemd - security update
Bulletin has no description...
OSV-2021-677 Heap-buffer-overflow in grk::FileFormatDecompress::apply_palette_clr
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544 Crash type: Heap-buffer-overflow WRITE 16 Crash state: grk::FileFormatDecompress::applypaletteclr grk::FileFormatDecompress::applyColour grkdecompressfuzzer.cpp...
CVE-2020-25685
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSE...
GO-2025-3540 Potential out of order responses when CLIENT SETINFO times out during connection establishment in github.com/redis/go-redis
Potential out of order responses when CLIENT SETINFO times out during connection establishment in github.com/redis/go-redis...
BIT-GITLAB-2024-6446 Business Logic Errors in GitLab
An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an attacker controlled application...
GHSA-9MH8-9J64-443F HashiCorp Vault's revocation list not respected
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and...
GHSA-5F37-GXVH-23V6 Remote code execution in PHPMailer
Impact The mailSend function in the default isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property. Patches Fixed in 5.2.18 Workaround...
CVE-2024-1143
Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting XSS, which could allow for the leakage of user sessions and subsequent authentication bypass...
CVE-2025-43965
In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used...
BIT-GITLAB-2024-5067 Exposure of Sensitive Information to an Unauthorized Actor in GitLab
An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles...
CVE-2024-24566 Lobe Chat unauthorized access to plugins
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected deployed with the ACCESSCODE option, it is possible to access plugins without proper authorization without password. This vulnerabili...
GHSA-J6PX-JWVV-VPWQ Angular Expressions - Remote Code Execution
Impact The vulnerability, reported by GoSecure Inc, allows Remote Code Execution, if you call expressions.compileuserControlledInput where userControlledInput is text that comes from user input. This time, the security of the package could be bypassed by using a more complex payload, using a...
GHSA-QMMC-JPPF-32WV Directory Traversal in Docker
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a 1 "docker load" operation or 2 "registry communications."...
DLA-2557-1 linux-4.19 - security update
Bulletin has no description...
CVE-2024-2880 Improper Access Control in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with admingroupmember custom role permission could ban group members...
CVE-2024-5470 Improper Access Control in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with adminpushrules permission may have been able to create project-level deploy tokens...
BIT-GITLAB-2020-10082
GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered...
GHSA-WMG5-G953-QQFW Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation
When using the Vault and Vault Enterprise Vault approle auth method, any authenticated user with access to the /auth/approle/role/:rolename/secret-id-accessor/destroy endpoint can destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability, CVE-2023-24999, has...
DSA-5388-1 haproxy - security update
Bulletin has no description...
GHSA-32GV-6CF3-WCMQ HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods
Impact Twisted web servers that utilize the optional HTTP/2 support suffer from the following flow-control related vulnerabilities: Ping flood: https://vulners.com/cve/CVE-2019-9512 Reset flood: https://vulners.com/cve/CVE-2019-9514 Settings flood: https://vulners.com/cve/CVE-2019-9515 A Twisted...
GHSA-XG6R-5GX4-QXJM invoiceninja is vulnerable to Cross-site Scripting
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2022-47111
7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected...
BIT-GRAFANA-2023-5122 SSRF in CSV Datasource Plugin
Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests t...
BIT-GITLAB-2024-0231 Improper Control of Resource Identifiers ('Resource Injection') in GitLab
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits...
CVE-2024-24754 Bref Body Parsing Inconsistency in Event-Driven Functions
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...
ASB-A-137284057
In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-7V35-QWWJ-P98G Improper Restriction of XML External Entity Reference in DiffPlug Spotless
In DiffPlug Spotless before 1.20.0 library and Maven plugin and before 3.20.0 Gradle plugin, the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a...
CVE-2025-46393
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packetsize is mishandled related to the rendering of all channels in an arbitrary order...
BIT-GITLAB-2024-6389 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions...
CVE-2022-45141
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption...
CVE-2022-41903 Integer overflow in `git archive`, `git log --format` leading to RCE in git
Git is distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators, there is a integer overflow in...
BIT-GITLAB-2024-12380 Generation of Error Message Containing Sensitive Information in GitLab
An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication...
BIT-PYTHON-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...
PSF-2023-2 Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...
MAL-2022-7286 Malicious code in xnxx-dl-wa-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ae97fc6d17d4a931da57669f1fc5dcd02644f5a8c9c0f8d9a416f741c15368a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-XHFC-GR8F-FFWC Denial of service in ASP.NET Core
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981...
GHSA-3GG9-F3VH-866F Improper Certificate Validation in Graylog
Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code in all versions that suppo...
GHSA-6XXJ-GCJQ-WGF4 SQL injection in prestashop/prestashop
Impact Blind SQLi using Search filters with orderBy and sortOrder parameters Patches The problem is fixed in 1.7.8.2...
BIT-GITLAB-2024-7057 Improper Access Control in GitLab
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level...
BIT-GITLAB-2020-10081
GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user...
BIT-APACHE-2021-26691 Apache HTTP Server mod_session response handling heap overflow
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...
DLA-3309-1 graphite-web - security update
Bulletin has no description...
ASB-A-129476618
In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User...
DSA-3092-1 icedove - security update
Bulletin has no description...
CVE-2022-47112
7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected...