909148 matches found
ALSA-2023:4634 Important: rust security update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fixes: rust-cargo: cargo does not respect the umask when extracting dependencies CVE-2023-38497 For more details about the security issues, including t...
GHSA-J8RM-CM55-QQJ6 .NET Information Disclosure Vulnerability
Microsoft Security Advisory CVE-2023-35391: .NET Information Disclosure Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET core 2.1, .NET 6.0 and, .NET 7.0. This advisory also provides guidance on what developers c...
PYSEC-2023-143
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...
ALSA-2023:4517 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free in l2capconnect and l2capleconnectreq in net/bluetooth/l2capcore.c CVE-2022-42896 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows...
ALSA-2023:4537 Moderate: nodejs:16 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs 16.20.1. BZ2223678, BZ2223680, BZ2223682, BZ2223684, BZ2223686, BZ2223688 Security Fixes: nodejs...
ASB-A-271851153
In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-XQR8-7JWR-RHP7 Removal of e-Tugra root certificate
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store. e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions ...
DLA-3498-1 bind9 - security update
Bulletin has no description...
CVE-2022-24834 Heap overflow issue with the Lua cjson library used by Redis
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...
CVE-2022-45855
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...
CVE-2023-37280 Pimcore admin UI vulnerable to Cross-site Scripting in two factor authentication setup page
Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This...
GO-2023-1874 Denial of service in github.com/corazawaf/coraza/v2 and v3
Due to the misuse of log.Fatalf, Coraza may crash after receiving crafted requests from attackers...
ASB-A-261068592
In gattendoperation of gattutils.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-373W-RJ84-PV6X SafeURL-Python's hostname blocklist does not block FQDNs
Description If a hostname was blacklisted, it was possible to bypass the blacklist by requesting the FQDN of the host e.g. adding . to the end. Impact The main purpose of this library is to block requests to internal/private IPs and these cannot be bypassed using this finding. But if a library us...
CVE-2023-3394 Session Fixation in fossbilling/fossbilling
Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1...
CVE-2023-30625 rudder-server vulnerable to SQL Injection
rudder-server is part of RudderStack, an open source Customer Data Platform CDP. Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution RCE due to the rudder role in PostgresSQL having superuser permissions by default. Version...
CVE-2023-34238 Local File Inclusion vulnerability in Gatsby
Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the file-code-frame and original-stack-frame paths, exposed when running the Gatsby develop server gatsby develop. Any file in scope o...
CVE-2023-32315 Openfire administration console authentication bypass
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
CVE-2023-20883
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service DoS attack if Spring MVC is used together with a reverse proxy cache...
CVE-2023-32681 Unintended leak of Proxy-Authorization header in requests
Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent...
DSA-5409-1 libssh - security update
Bulletin has no description...
CVE-2023-30470
A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Herme...
DSA-5396-1 webkit2gtk - security update
Bulletin has no description...
DLA-3399-1 389-ds-base - security update
Bulletin has no description...
DLA-3396-1 redis - security update
Bulletin has no description...
CVE-2023-28842 moby/moby's dockerd daemon encrypted overlay network with a single endpoint is unauthenticated
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...
ASB-A-235823542
In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
GHSA-6MMF-QM37-PMGG Duplicate Advisory: Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7r35-chv4-xr3r. This link is maintained ot preserve external references. Original Description Cross-site Scripting XSS - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20...
DLA-3369-1 runc - security update
Bulletin has no description...
GHSA-4PQP-69M3-F8PP NotrinosERP vulnerable to SQL Injection
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customerdelivery.php...
CURL-CVE-2023-27533 TELNET option IAC injection
curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on username and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the documented functionality, curl would pass on username and telnet options ...
GHSA-795W-7426-M94J stoqey/gnuplot is vulnerable to command injection
An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, childprocess, and/or filePath parameters...
RLSA-2023:1140 Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP multi-header compression denial of service CVE-2023-23916 For more details about the security issues, including...
GHSA-GC89-7GCR-JXQC Buildkit credentials inlined to Git URLs could end up in provenance attestation
When the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1 Invoking build directly from a URL...
GHSA-3HVJ-3CG9-V242 Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions
Impact Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. Affected versions: Saleor ≥ 2.0.0 Workarounds None For more information If you...
CVE-2023-26472 XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile
XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for users not having ed...
DLA-3349-1 linux-5.10 - security update
Bulletin has no description...
CVE-2023-27320
Sudo before 1.9.13p2 has a double free in the per-command chroot feature...
ALSA-2023:0946 Moderate: openssl security and bug fix update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: read buffer overflow in X.509 certificate verification CVE-2022-4203 openssl: timing attack in RS...
GHSA-R6CH-MQF9-QC9W Regular Expression Denial of Service in Headers
Impact The Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the headerValueNormalize utility function...
DSA-5347-1 imagemagick - security update
Bulletin has no description...
GHSA-GM7M-RQF8-JX4M Improper Restriction of Rendered UI Layers or Frames in cockpit-hq/cockpit
Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9...
CVE-2023-22746 CKAN is vulnerable to session secret shared across instances using Docker images
CKAN is an open-source DMS data management system for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...
CVE-2023-25136
OpenSSH server sshd 9.1 introduced a double-free vulnerability during options.kexalgorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One...
GHSA-VM5R-C87R-PF6X Parse Server option `masterKeyIps` vulnerability to IP spoofing
Impact Parse Server uses the request header x-forwarded-for to determine the client IP address. If Parse Server doesn't run behind a proxy server, then a client can set this header and Parse Server will trust the value of the header. The incorrect client IP address will be used by various feature...
DSA-5333-1 tiff - security update
Bulletin has no description...
DSA-5324-1 linux - security update
Bulletin has no description...
DLA-3272-1 sudo - security update
Bulletin has no description...
GHSA-7222-R37X-8Q3M Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
GO-2022-1188 Uncontrolled memory allocation in code.sajari.com/docconv
An attacker can remotely supply a specially crafted input that causes uncontrolled memory allocation...