G-prescription Gynaecology & Obs Consultation Software Security Vulnerabilities

Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature in github.com/0xJacky/Nginx-UI

Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature in...

Grafana XSS in header column rename in github.com/grafana/grafana

Grafana XSS in header column rename in...

Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

Privilege Escalation in HashiCorp Consul in...

Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server

Mattermost leaks details of AD/LDAP groups of a teams in...

User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport

User-provided environment values allow execution on macOS agents in...

Use of Insufficiently Random Values in github.com/greenpau/caddy-security

Use of Insufficiently Random Values in...

Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport

Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in...

runc vulnerable to container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

runc vulnerable to container breakout through process.cwd trickery and leaked fds in...

CubeFS leaks users key in logs in github.com/cubefs/cubefs

CubeFS leaks users key in logs in...

Improper Validation of Array Index in github.com/greenpau/caddy-security

Improper Validation of Array Index in...

Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server

Mattermost post fetching without auditing in compliance export in...

Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder

Minder trusts client-provided mapping from repo name to upstream ID in...

Open Redirect in github.com/greenpau/caddy-security

Open Redirect in...

APM Server vulnerable to Insertion of Sensitive Information into Log File in github.com/elastic/apm-server

APM Server vulnerable to Insertion of Sensitive Information into Log File in...

caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting in github.com/greenpau/caddy-security

caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting in...

Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only in go.etcd.io/etcd

Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only in...

1Panel set-cookie is missing the Secure keyword in github.com/1Panel-dev/1Panel

1Panel set-cookie is missing the Secure keyword in...

Etcd Gateway TLS endpoint validation only confirms TCP reachability in go.etcd.io/etcd

Etcd Gateway TLS endpoint validation only confirms TCP reachability in...

OpenFGA denial of service in github.com/openfga/openfga

OpenFGA denial of service in...

Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry

Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised...

Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana

Grafana XSS via the OpenTSDB datasource in...

Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server

Mattermost viewing archived public channels permissions vulnerability in...

Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer

Apache Answer Race Condition vulnerability in...

Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server

Mattermost notified all users in the channel when using WebSockets to respond individually in...

Moby (Docker Engine) Insufficiently restricted permissions on data directory in github.com/docker/docker

Moby (Docker Engine) Insufficiently restricted permissions on data directory in...

Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server

Mattermost allows demoted guests to change group names in...

Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport

Teleport Access List owners can escalate their privileges in...

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in k8s.io/ingress-nginx

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in...

Mattermost race condition in github.com/mattermost/mattermost-server

Mattermost race condition in...

Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in github.com/rancher/rancher

Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in...

Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security

Improper Restriction of Excessive Authentication Attempts in...

Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana

Grafana XSS via a query alias for the ElasticSearch datasource in...

Etcd embed auto compaction retention negative value causing a compaction loop or a crash in go.etcd.io/etcd

Etcd embed auto compaction retention negative value causing a compaction loop or a crash in...

Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers in github.com/dexidp/dex

Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers in...

Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server

Mattermost Cross-site Scripting vulnerability in...

HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

HashiCorp Vault Improper Privilege Management in...

Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server

Mattermost allows attackers access to posts in channels they are not a member of in...

HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

HashiCorp Vault Improper Privilege Management in...

Server-Side Request Forgery in github.com/greenpau/caddy-security

Server-Side Request Forgery in...

Authentik vulnerable to PKCE downgrade attack in goauthentik.io

Authentik vulnerable to PKCE downgrade attack in...

Cross-site Scripting in github.com/greenpau/caddy-security

Cross-site Scripting in...

Grafana information disclosure in github.com/grafana/grafana

Grafana information disclosure in...

Improper Authentication in HashiCorp Vault in github.com/hashicorp/vault

Improper Authentication in HashiCorp Vault in...

Hashicorp Vault may expose sensitive log information in github.com/hashicorp/vault

Hashicorp Vault may expose sensitive log information in...

Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in github.com/apache/servicecomb-service-center

Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in...

Grafana XSS via a column style in github.com/grafana/grafana

Grafana XSS via a column style in...

Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

Token leases could outlive their TTL in HashiCorp Vault in...

Classic builder cache poisoning in github.com/docker/docker

Classic builder cache poisoning in...

MongoDB Tools Improper Certificate Validation vulnerability in github.com/mongodb/mongo-tools

MongoDB Tools Improper Certificate Validation vulnerability in...

Rancher 'Audit Log' leaks sensitive information in github.com/rancher/rancher

Rancher 'Audit Log' leaks sensitive information in...