Good & Bad Comments Security Vulnerabilities

[SECURITY] Fedora 40 Update: javaparser-3.25.8-3.fc40

This package contains a Java 1 to 13 Parser with AST generation and visitor support. The AST records the source code structure, javadoc and comments. It is also possible to change the AST nodes or create new ones to modify the source...

You’re going to start seeing more tax-related spam, but remember, that doesn’t actually mean there’s more spam

It's that time of the year when not only do you have to be worried about filing your federal taxes in the U.S., you must also be on the lookout for a whole manner of tax-related scams. These are something that pop up every year through email, texts, phone calls and even physical mail -- phony...

jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext

A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. This allows an adversary to exploit specific scenarios where the compression ratio becomes exceptionally high. As a...

jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext

A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. This allows an adversary to exploit specific scenarios where the compression ratio becomes exceptionally high. As a...

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 26, 2024 to March 3, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 121 vulnerabilities disclosed in 88...

CVE-2024-28228

In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was...

CVE-2024-28228

In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was...

Design/Logic Flaw

In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was...

CVE-2024-28228

In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was...

WinFiHack - A Windows Wifi Brute Forcing Utility Which Is An Extremely Old Method But Still Works Without The Requirement Of External Dependencies

WinFiHack is a recreational attempt by me to rewrite my previous project Brute-Hacking-Framework's main wifi hacking script that uses netsh and native Windows scripts to create a wifi bruteforcer. This is in no way a fast script nor a superior way of doing the same hack but it needs no external...

Exploit for Use After Free in Microsoft

First in-the-wild 0-day of 2023 🔥 CVE-2023-21674 is a...

Golang < 1.21.8, 1.22.x < 1.22.1 Multiple Vulnerabilities

The version of Golang running on the remote host is prior to 1.21.8 or 1.22.x prior to 1.22.1. It is, therefore, is affected by multiple vulnerabilities: A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded. (CVE-2023-45289) Verifying a certificate...

SUSE SLES12 Security Update : gstreamer-plugins-bad (SUSE-SU-2024:0779-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0779-1 advisory. MXF demuxer use-after-free vulnerability [fedora-all] (CVE-2023-44446) Note that Nessus has not tested for this issue but has instead...

SUSE SLES15 Security Update : gstreamer-plugins-bad (SUSE-SU-2024:0780-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0780-1 advisory. MXF demuxer use-after-free vulnerability [fedora-all] (CVE-2023-44446) Note that Nessus has not tested for this issue but has instead...

SUSE: Security Advisory (SUSE-SU-2024:0779-1)

The remote host is missing an update for...

FreeBSD : go -- multiple vulnerabilities (b1b039ec-dbfc-11ee-9165-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b1b039ec-dbfc-11ee-9165-901b0e9408dc advisory. When following an HTTP redirect to a domain which is not a subdomain match or exact match of...

SUSE: Security Advisory (SUSE-SU-2024:0780-1)

The remote host is missing an update for...

CVE-2024-26623

In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent race issues involving the adminq There are multiple paths that can result in using the pdsc's adminq. [1] pdsc_adminq_isr and the resulting work from queue_work(), i.e. pdsc_work_thread()-&gt;pdsc_process_adminq()...

CVE-2023-50716

eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely...

CVE-2023-50716

eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely...

CVE-2023-50716

eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely...

Memory corruption

eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely...

CVE-2023-50716 Invalid DATA_FRAG Submessage causes a bad-free error

eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely...

1Panel open source panel project has an unauthorized vulnerability.

Impact The steps are as follows: Access https://IP:PORT/ in the browser, which prompts the user to access with a secure entry point. Use Burp to intercept: When opening the browser and entering the URL (allowing the first intercepted packet through Burp), the following is displayed: It is...

1Panel open source panel project has an unauthorized vulnerability.

Impact The steps are as follows: Access https://IP:PORT/ in the browser, which prompts the user to access with a secure entry point. Use Burp to intercept: When opening the browser and entering the URL (allowing the first intercepted packet through Burp), the following is displayed: It is...

CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability

Summary Here it is observed that the CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. Details The web application lacks control over the login attempts i.e. why attacker can use a password brute force attack to find and get full access...

BIT-gitlab-2020-10975

GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback...

BIT-tensorflow-2020-15194

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverse_index_map_t and grad_values_t are accessed in a similar pattern, only reverse_index_map_t is validated to be of....

BIT-gitlab-2021-39918

Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be...

BIT-gitlab-2021-39933

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc) was susceptible to...

BIT-gitlab-2022-0489

An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a specific formula in issue...

BIT-gitlab-2022-1190

Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments,...

BIT-wordpress-2020-25286

In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not...

BIT-wordpress-multisite-2020-25286

In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not...

BIT-wordpress-2021-39201

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. ### Impact The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions imposed on users who....

BIT-wordpress-multisite-2021-39201

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. ### Impact The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions imposed on users who....

BIT-discourse-2022-23549

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches, users can create posts with raw body longer than the max_length site setting by including html comments that are not counted toward the...

BIT-mediawiki-2023-36674

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File...

BIT-discourse-2023-23615

Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments...

BIT-odoo-2021-44465

Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC...

BIT-moodle-2023-5544

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR...

BIT-discourse-2023-32061

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other.....

BIT-envoy-2022-21657

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage...

BIT-drupal-2021-33829

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!&gt; is...

BIT-helm-2020-15185

In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker.....

BIT-drupal-2021-41165

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result.....

BIT-contour-2020-15127

In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes...

BIT-apisix-2022-25757

In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example,...

CVE-2024-26623

In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent race issues involving the adminq There are multiple paths that can result in using the pdsc's adminq. [1] pdsc_adminq_isr and the resulting work from queue_work(), i.e....

CVE-2024-26623

In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent race issues involving the adminq There are multiple paths that can result in using the pdsc's adminq. [1] pdsc_adminq_isr and the resulting work from queue_work(), i.e....