GHSA-J8QW-MWMV-28CG Improper Limitation of a Pathname to a Restricted Directory in Apache Solr
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separa...
GHSA-7QCQ-XP2F-56F6 Apache Tika vulnerable to uncontrolled memory consumption
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files...
GHSA-QX6H-9567-5FQW Arbitrary file write in Apache Commons Fileupload
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...
GHSA-M3X6-9V6H-4G28 Cross-site Scripting in Apache Struts
Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...
GHSA-RJ76-H87P-R3WF Undertow vulnerable to Request Smuggling
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that als...
GHSA-6FXM-66HQ-FC96 Uncontrolled Resource Consumption in Apache Commons Compress
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs...
RLSA-2022:2031 Low: libssh security, bug fix, and enhancement update
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. The following packages have been upgraded to a later upstream version: libssh (0.9.6). (BZ1896651) Security Fixes: libssh: possible heap-based buffer overflow when rekeying (CVE-2021-3634)...
ALSA-2022:2092 Moderate: bind security, bug fix, and enhancement update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The following...
ALSA-2022:1930 Moderate: keepalived security and bug fix update
The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server (IPVS) kernel module providing layer-4 (transport layer) load balancing. Keepalived implements a set of checke...
GHSA-HX8W-GHH8-R4XF Write access to the catalog for any user when restricted-admin role is enabled in Rancher
Impact: This vulnerability only affects customers using the restricted-admin role in Rancher. For this role to be active, Rancher must be bootstrapped with the environment variable CATTLE_RESTRICTED_DEFAULT_ADMIN=true or the configuration flag restrictedAdmin=true. A flaw was discovered in Rancher...
GHSA-W227-XCFX-3PJ8 Exposure of Sensitive Information in Apache Tomcat
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the 1...
GHSA-4PRH-GQW8-RGH5 Apache Tomcat Directory Traversal
Directory traversal vulnerability in Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) / (slash), (2) \ (backslash), and (3) URL-encoded backslash %...
CVE-2022-26788
PowerShell Elevation of Privilege Vulnerability...
CVE-2022-27380
An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...
DSA-5112-1 chromium - security update
Bulletin has no description...
CVE-2022-22963
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...
GHSA-8PP6-8X4Q-C5MX Server side request forgery in C1 CMS
C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also...
CVE-2018-25032
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches...
CVE-2022-24731 Path traversal allows leaking out-of-bound files from Argo CD repo-server
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's...
CVE-2021-25220
BIND 9.11.0 - 9.11.36, 9.12.0 - 9.16.26, 9.17.0 - 9.18.0. BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S1, 9.16.8-S1 - 9.16.26-S1. Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as th...
CVE-2022-27666
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...
GHSA-M8GQ-83GH-V42V XML External Entities Vulnerability in CVRF-CSAF-Converter
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...
DLA-2942-1 firefox-esr - security update
Bulletin has no description...
CVE-2022-24747 HTTP caching is marking private HTTP headers as public
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. Affected versions of Shopware do not properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP...
DSA-5089-1 chromium - security update
Bulletin has no description...
GHSA-CM9W-C4RJ-R2CF Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in view_component
This is an XSS vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the translate method is not properly sanitized before display. Versions 2.29.1 and 2.49.1 have been released...
CVE-2022-24707 SQL injection in anuko timetracker
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin...
CVE-2022-0685 Use of Out-of-range Pointer Offset in vim/vim
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418...
DSA-5082-1 php7.4 - security update
Bulletin has no description...
GHSA-579H-MV94-G4GP Privilege Escalation in Kubernetes
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary reques...
GHSA-7F33-F4F5-XWGW In-band key negotiation issue in AWS S3 Crypto SDK for golang
Summary: The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures without revealing the plaintext...
DSA-5070-1 cryptsetup - security update
Bulletin has no description...
PYSEC-2022-82
Tensorflow is an Open Source Machine Learning Framework. The implementation of AssignOp can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized to minimize number of...
DSA-5066-1 ruby2.5 - security update
Bulletin has no description...
CVE-2022-0443 Use After Free in vim/vim
Use After Free in GitHub repository vim/vim prior to 8.2...
DSA-5061-1 wpewebkit - security update
Bulletin has no description...
CVE-2022-21277
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
DLA-2887-1 lighttpd - security update
Bulletin has no description...
CVE-2022-22823
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow...
CVE-2022-21661 SQL injection in WordPress
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...
GO-2021-0163 Privilege escalation on Windows via malicious DLL in syscall
Untrusted search path vulnerability on Windows related to LoadLibrary allows local users to gain privileges via a malicious DLL in the current working directory...
GO-2021-0160 Incorrect calculation affecting RSA computations in math/big
Int.Exp Montgomery mishandled carry propagation and produced an incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibl...
RLSA-2021:4647 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type (CVE-2021-43267); kernel: timer tree corruption leads to missing wakeup and system freeze (CVE-2021-20317). For mor...
DSA-5004-1 libxstream-java - security update
Bulletin has no description...
ALSA-2021:4373 Low: pcre security update
PCRE is a Perl-compatible regular expression library. Security Fixes: pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 (CVE-2019-20838); pcre: Integer overflow when parsing callout numeric arguments (CVE-2020-14155). For more details about the security...
RLSA-2021:4326 Moderate: libX11 security update
The libX11 packages contain the core X11 protocol client library. Security Fixes: libX11: missing request length checks (CVE-2021-31535). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in t...
RLSA-2021:4257 Moderate: httpd:2.4 security, bug fix, and enhancement update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_session: NULL pointer dereference when parsing Cookie header (CVE-2021-26690); httpd: Unexpected URL matching with 'MergeSlashes OFF' (CVE-2021-30641). For more details about t...
ALSA-2021:4056 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free (CVE-2020-36385); kernel: out-of-bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers() of...
CVE-2021-32028
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
GHSA-69J6-29VR-P3J9 Authentication bypass for viewing and deletions of snapshots
Today we are releasing Grafana 7.5.11, and 8.1.6. These patch releases include an important security fix for an issue that affects all Grafana versions from 2.0.1. Grafana Cloud instances have already been patched and an audit did not find any usage of this attack vector. Grafana Enterprise...