903702 matches found
BIT-2020-2780
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
CVE-2023-47272
Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header used for attachment preview or download...
BIT-2023-42629
Stored cross-site scripting XSS vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's 'description' text field...
PYSEC-2023-210
views.py in Wagtail CRX CodeRed Extensions formerly CodeRed CMS or coderedcms before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media...
PYSEC-2023-217
Cross-Site Request Forgery CSRF in GitHub repository modoboa/modoboa prior to 2.2.2...
GHSA-FR2G-9HJM-WR23 NATS.io: Adding accounts for just the system account adds auth bypass
Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. NATS users exist within accounts, and once using accounts, the old authorization block is not applicable. Problem Description Without any...
BIT-2023-42663
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with...
BIT-2023-42780
Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dagids and the stack-traces of import errors for those DAGs with import...
CVE-2023-45814 Tokens cached in the AuthenticationService are susceptible to reuse in Bunkum
Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...
ALSA-2023:5837 Important: nghttp2 security update
nghttp2 contains the Hypertext Transfer Protocol version 2 HTTP/2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more...
ALSA-2023:5744 Moderate: java-11-openjdk security and bug fix update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: certificate path validation issue during client authentication 8309966 CVE-2023-22081 For more details about the security issues, including the...
DLA-3618-1 node-babel - security update
Bulletin has no description...
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Babel is a compiler for writingJavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...
DSA-5526-1 chromium - security update
Bulletin has no description...
RLSA-2023:5455 Important: glibc security update
The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...
GHSA-MVRP-3CVX-C325 Zod denial of service vulnerability during email validation
Impact API servers running express-zod-api having: - version of express-zod-api below 10.0.0-beta1, - and using the following or similar validation schema in its implementation: z.string.email, are vulnerable to a DoS attack due to: - Inefficient Regular Expression Complexity in zod versions up t...
DLA-3591-1 firefox-esr - security update
Bulletin has no description...
PYSEC-2023-182
opencv-contrib-python-headless versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python-headless v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2...
RLSA-2023:5244 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipvlan: out-of-bounds write caused by unclear skb-cb CVE-2023-3090 kernel: UAF in nftables when nftsetlookupglobal triggered after handling named and anonymous sets in batch requests...
DLA-3575-1 python2.7 - security update
Bulletin has no description...
ALSA-2023:5245 Moderate: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: hw: amd: Cross-Process Information Leak CVE-2023-20593 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
GHSA-3P86-9955-H393 Arbitrary File Overwrite in Eclipse JGit
Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...
DLA-3543-1 rar - security update
Bulletin has no description...
DLA-3542-1 unrar-nonfree - security update
Bulletin has no description...
GHSA-CR5Q-6Q9F-RQ6Q Active Support Possibly Discloses Locally Encrypted Files
There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...
CVE-2023-40035 Craft CMS vulnerable to Remote Code Execution via validatePath bypass
Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable...
GHSA-9C9V-W225-V5RG Ghost vulnerable to arbitrary file read via symlinks in content import
Impact A vulnerability in Ghost allows authenticated users to upload files which are symlinks. This can be exploited to perform an arbitrary file read of any file on the operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's...
ALSA-2023:4634 Important: rust security update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fixes: rust-cargo: cargo does not respect the umask when extracting dependencies CVE-2023-38497 For more details about the security issues, including t...
RLSA-2023:4100 Important: bind9.16 security update
The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...
GHSA-XQR8-7JWR-RHP7 Removal of e-Tugra root certificate
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store. e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions ...
GHSA-M88M-CRR9-JVQQ OpenRefine vulnerable to zip slip in project import
Impact A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution if a user can be convinced to import it. Patches The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as...
CVE-2023-2975
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...
MAL-2023-679 Malicious code in perimeterx-fastly-js-edge-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 934118ad5800d3dc8e17c6e7ed99b345399d4eae19e298de4f8a35834f872cc8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-37280 Pimcore admin UI vulnerable to Cross-site Scripting in two factor authentication setup page
Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This...
GHSA-373W-RJ84-PV6X SafeURL-Python's hostname blocklist does not block FQDNs
Description If a hostname was blacklisted, it was possible to bypass the blacklist by requesting the FQDN of the host e.g. adding . to the end. Impact The main purpose of this library is to block requests to internal/private IPs and these cannot be bypassed using this finding. But if a library us...
CVE-2023-3394 Session Fixation in fossbilling/fossbilling
Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1...
CVE-2023-30625 rudder-server vulnerable to SQL Injection
rudder-server is part of RudderStack, an open source Customer Data Platform CDP. Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution RCE due to the rudder role in PostgresSQL having superuser permissions by default. Version...
GHSA-555C-2P6R-68MM .NET Denial of Service vulnerability
Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their...
GO-2023-1840 Unsafe behavior in setuid/setgid binaries in runtime
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...
CVE-2023-34238 Local File Inclusion vulnerability in Gatsby
Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the file-code-frame and original-stack-frame paths, exposed when running the Gatsby develop server gatsby develop. Any file in scope o...
MGASA-2023-0188 Updated tcpreplay packages fix security vulnerability
An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpeditdltcleanup function at plugins/dltplugins.c. CVE-2023-27783 An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the readhexstring function ...
DSA-5409-1 libssh - security update
Bulletin has no description...
CVE-2023-30470
A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Herme...
ALSA-2023:2866 Moderate: git-lfs security and bug fix update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters...
ALSA-2023:2532 Low: libarchive security update
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...
DLA-3398-1 curl - security update
Bulletin has no description...
ALSA-2023:1895 Important: java-11-openjdk security update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...
ALSA-2023:1673 Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP request splitting with modrewrite and modproxy CVE-2023-25690 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
CVE-2023-28842 moby/moby's dockerd daemon encrypted overlay network with a single endpoint is unauthenticated
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...
GHSA-5X5Q-8CGM-2HJQ Karate has vulnerable dependency on json-smart package (CVE-2023-1370)
Summary The CVE How to fix it Very simple, just upgrade json-path package to 2.8.0 from 2.7.0 inside karate-core pom.xml ;...