883781 matches found
CVE-2023-34468
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...
GO-2023-1840 Unsafe behavior in setuid/setgid binaries in runtime
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...
ALSA-2023:3349 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: netfilter: use-after-free in nftables when processing batch requests can lead to privilege escalation CVE-2023-32233 For more details about the security issues, including the impact, a CV...
CVE-2023-20883
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service DoS attack if Spring MVC is used together with a reverse proxy cache...
DSA-5409-1 libssh - security update
Bulletin has no description...
CVE-2023-30470
A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Herme...
ALSA-2023:3083 Moderate: go-toolset:rhel8 security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: crypto/tls: large handshake records may cause panics CVE-2022-41724 golang: net/http, mime/multipart: denial of service from excessive resource consumption...
ALSA-2023:2736 Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: use-after-free caused by l2capreassemblesdu in net/bluetooth/l2capcore.c CVE-2022-3564 net/ulp: use-after-free in listening ULP sockets...
ALSA-2023:2866 Moderate: git-lfs security and bug fix update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters...
ALSA-2023:2236 Moderate: toolbox security and bug fix update
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 golang:...
ALSA-2023:2370 Moderate: unbound security update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: NRDelegation attack leads to uncontrolled resource consumption Non-Responsive Delegation Attack CVE-2022-3204 For more details about the security issues, including the impact, a CVSS...
ALSA-2023:2532 Low: libarchive security update
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...
GHSA-CFH2-7F6H-3M85 Access bypass in Drupal Core
Drupal core form API evaluates form element access incorrectly. This can lead to a user being able to alter data they should not have access to...
DLA-3399-1 389-ds-base - security update
Bulletin has no description...
DLA-3398-1 curl - security update
Bulletin has no description...
CVE-2023-29018 OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on open-feature-operator-controller-manager to escalate the privileges o...
ALSA-2023:1743 Important: nodejs:14 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 14.21.3. Security Fixes: decode-uri-component: improper input validation resulting i...
GHSA-GV7G-X59X-WF8F SvelteKit framework has Insufficient CSRF protection for CORS requests
Summary The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection is...
GHSA-M8CG-XC2P-R3FC rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
Impact It was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup namespace to be unshared e.g.., docker|podman|nerdctl run --cgroupns=host, with Rootless...
GHSA-6G43-88CP-W5GV Prototype pollution in matrix-react-sdk
Impact In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic. This is part 2, where...
RLSA-2023:1405 Important: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 openssl: timing attack in RSA...
CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
ALSA-2023:1470 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: tun: avoid double free in tunfreenetdev CVE-2022-4744 ALSA: pcm: Move rwsem lock inside sndctlelemread to prevent UAF CVE-2023-0266 kernel: net: CPU soft lockup in TC mirred...
GHSA-CPMR-MW4J-99R7 Nginx alias path traversal allows unauthenticated attackers to read all files on /label_studio/core/
Summary The vulnerability resides on the Nginx config file: https://github.com/heartexlabs/label-studio/blob/53944e6bcede75ca5c102d655013f2e5238e85e6/deploy/default.confL119 The pattern on location /static indicates a popular misconfiguration on Nginx servers presented in 2018 originally by Orang...
DLA-3362-1 qemu - security update
Bulletin has no description...
DLA-3361-1 redis - security update
Bulletin has no description...
GHSA-XM67-587Q-R2VW wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64
Impact Wasmtime's code generation backend, Cranelift, has a bug on x8664 platforms for the WebAssembly i8x16.select instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one...
CVE-2023-26492 Directus vulnerable to Server-Side Request Forgery On File Import
Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery SSRF when importing a file from a remote web server POST to /files/import. An attacker can bypass the security controls by performing a DNS rebinding attack and...
CVE-2023-27320
Sudo before 1.9.13p2 has a double free in the per-command chroot feature...
GHSA-G857-47PM-3R32 laravel-admin has Arbitrary File Upload vulnerability
An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file...
DLA-3325-1 openssl - security update
Bulletin has no description...
GHSA-VVPX-J8F3-3W6H golang.org/x/net vulnerable to Uncontrolled Resource Consumption
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...
CVE-2023-22580
Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure...
GHSA-259W-8HF6-59C2 OCI image importer memory exhaustion in github.com/containerd/containerd
Impact When importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. Patches This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update t...
CVE-2023-23934 Wrkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =Host-test=bad for another subdomain...
GHSA-MV6W-J4XC-QPFW Argo CD leaks repository credentials in user-facing error messages and in logs
Impact All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error message is visible when a user attempts to create or update an...
GHSA-33M6-Q9V5-62R7 go.uuid has Predictable UUID Identifiers
CVE Description for go.uuid A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker. Updat...
DSA-5324-1 linux - security update
Bulletin has no description...
CVE-2023-23457
A Segmentation fault was found in UPX in PackLinuxElf64::invertptdynamic in plxelf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service...
RLSA-2023:0099 Moderate: virt:rhel and virt-devel:rhel security and bug fix update
Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting wi...
CVE-2023-22473 Passcode bypass on Talk-Android app
Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no...
CVE-2022-48197
Reflected cross-site scripting XSS exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
RLSA-2023:0005 Important: bcel security update
The Byte Code Engineering Library Apache Commons BCEL is intended to give users a convenient way to analyze, create, and manipulate binary Java class files those ending with .class. Security Fixes: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing CVE-2022-42920 For more...
CVE-2022-3064
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...
CVE-2022-1097
NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...
DLA-3244-1 linux-5.10 - security update
Bulletin has no description...
RLSA-2022:9058 Important: prometheus-jmx-exporter security update
Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fixes: SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-1471 For more details about the security issues, including the impact, a...
CVE-2022-23478 Out of Bound Write in xrdp
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol RDP. xrdp v0.9.21 contain a Out of Bound Write in xrdpmmtransprocessdrdynvcchannelopen function. There are no known workarounds for this issue. Users are advised to upgrade...
DLA-3227-1 ruby-rails-html-sanitizer - security update
Bulletin has no description...
CVE-2022-4144
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxlphys2virt function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use th...