UVI-2021-1001486 seq_buf: Fix overflow in seq_buf_putmem_hex()
seq_buf: Fix overflow in seq_buf_putmem_hex() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...
DSA-4946-1 openjdk-11 - security update
Bulletin has no description...
GO-2021-0107 Panic or authentication bypass in github.com/ecnepsnai/web
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...
GO-2021-0110 Token reuse in github.com/ory/fosite
Uniqueness of JWT IDs (jti) is not checked, allowing the JWT to be replayed...
UVI-2021-1001144 net: qed: Fix memcpy() overflow of qed_dcbx_params()
net: qed: Fix memcpy() overflow of qed_dcbx_params() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13 by commit...
UVI-2021-1001084 powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set
powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.13 by commit...
PYSEC-2021-103
Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the {% include_block %} template tag is used to output the value of a plain-text StreamField block...
GHSA-RWV7-3V45-HG29 Pillow Out-of-bounds Read vulnerability
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. This dates to Pillow 2.4.0...
ASB-A-174626251
In btm_sec_pin_code_request of btm_sec.cc, there is a possible bypass of Bluetooth pairing pin-code due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2020-10701
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this...
RLSA-2021:2034 Important: redis:6 security update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
GHSA-3XH2-74W9-5VXM Integer overflow in github.com/gorilla/websocket
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections...
ALSA-2021:1804 Moderate: userspace graphics, xorg-x11, and mesa security, bug fix, and enhancement update
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated...
RLSA-2021:1789 Moderate: gssdp and gupnp security update
GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP. The...
ALSA-2021:1586 Moderate: GNOME security, bug fix, and enhancement update
GNOME is the default desktop environment of AlmaLinux. The following packages have been upgraded to a later upstream version: accountsservice (0.6.55), webkit2gtk3 (2.30.4). (BZ#1846376, BZ#1883304) Security Fixes: webkitgtk: type confusion may lead to arbitrary code execution (CVE-2020-9948) webkitgtk:...
DLA-2632-1 thunderbird - security update
Bulletin has no description...
DSA-4895-1 firefox-esr - security update
Bulletin has no description...
PYSEC-2021-114
Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could...
GO-2020-0017 Authorization bypass in github.com/dgrijalva/jwt-go
If a JWT contains an audience claim with an array of strings, rather than a single string, and MapClaims.VerifyAudience is called with req set to false, then audience verification will be bypassed, allowing an invalid set of audiences to be provided...
OESA-2021-1139 infinispan security update
Infinispan is an extremely scalable, highly available data grid platform - 100% open source, and written in Java. The purpose of Infinispan is to expose a data structure that is highly concurrent, designed ground-up to make the most of modern multi-processor/multi-core architectures while at the...
CVE-2021-20218
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and...
CVE-2021-25282
An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal...
DLA-2565-1 openssl1.0 - security update
Bulletin has no description...
RLSA-2021:0549 Moderate: nodejs:12 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 12.20.1, nodejs-nodemon 2.0.3. Security Fixes: nodejs-mixin-deep: prototype pollutio...
CVE-2020-14343
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be...
DSA-4844-1 dnsmasq - security update
Bulletin has no description...
CVE-2021-23239
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path...
ASB-A-156766097
In spectre_v2_user_select_mitigation of bugs.c, there is a possible failure to enable a Spectre mitigation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
DLA-2495-1 tomcat8 - security update
Bulletin has no description...
CVE-2020-28923
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...
CVE-2020-25695
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...
DSA-4779-1 openjdk-11 - security update
Bulletin has no description...
CVE-2020-15256
A prototype pollution vulnerability has been found in object-path = 0.11.0 is used, which has to be explicitly enabled by creating a new instance of object-path and setting the option includeInheritedProps: true, or by using the default withInheritedProps instance. The default operating mode is n...
ASB-A-160390416
In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. This could lead to local information disclosure of foreground processes with no additional execution privileges needed. User interaction is not needed for exploitation...
RLSA-2020:4059 Important: virt:rhel security update
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting wi...
DLA-2370-1 python-pip - security update
Bulletin has no description...
PYSEC-2020-192
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py...
GHSA-86QR-9VQC-PGC6 Code execution in Spring Integration
Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...
DLA-2288-1 qemu - security update
Bulletin has no description...
CVE-2020-14297
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may accumulate over time and can cause services to slow down and eventually become unavailable. An attacker can take advantage and cause denial of service attack and ma...
CVE-2020-13788
Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet...
DLA-2280-1 python3.5 - security update
Bulletin has no description...
ASB-A-156261521
In DecodeImage of dng_lossless_jpeg.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-MHP6-PXH8-R675 Angular vulnerable to Cross-site Scripting
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping elements in ones changes parsing behavior, leading to possibly unsanitizing code...
DSA-4698-1 linux - security update
Bulletin has no description...
CVE-2020-12662
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...
DSA-4677-1 wordpress - security update
Bulletin has no description...
PYSEC-2020-103
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...
PYSEC-2020-102
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the...
ALSA-2020:1650 Moderate: container-tools:rhel8 security, bug fix, and enhancement update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation (CVE-2019-19921) containers/image: Container images read entire ima...