5327 matches found

OpenVAS
added 2024/03/08 12:0 a.m. | 16 views

Fedora: Security Advisory for jdeparser (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

CVSS 8.8 | AI score 9.2 | EPSS 0.45835
Exploits: 3 | References: 2

Fedora
added 2024/03/07 10:33 p.m. | 22 views

[SECURITY] Fedora 40 Update: jdeparser-2.0.3-17.fc40

This project is a fork of Sun's (now Oracle's) com.sun.codemodel project. We decided to fork the project because by all evidence, the upstream project is dead and not actively accepting outside contribution. All JBoss projects are urged to use this project instead for source code generation...

CVSS 8.8 | AI score 7 | EPSS 0.45835
Exploits: 3

Fedora
added 2024/03/07 10:33 p.m. | 18 views

[SECURITY] Fedora 40 Update: javaparser-3.25.8-3.fc40

This package contains a Java 1 to 13 Parser with AST generation and visitor support. The AST records the source code structure, javadoc and comments. It is also possible to change the AST nodes or create new ones to modify the source code...

CVSS 8.8 | AI score 6.9 | EPSS 0.45835
Exploits: 3

Prion
added 2024/03/07 10:15 p.m. | 19 views

Design/Logic Flaw

A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. This affects an unknown part of the file login.sql. The manipulation leads to inclusion of sensitive information in source code. It is possible to initiate the attack remotely. The explo...

CVSS 5 | AI score 6.8 | EPSS 0.00102
Exploits: 1 | References: 3

CVE
added 2024/03/07 9:31 p.m. | 72 views

CVE-2024-2265

CVE-2024-2265 affects the keerti1924 PHP-MYSQL-User-Login-System 1.0. The issue is in an unknown part of login.sql and results in inclusion of sensitive information in the source code, exposing confidential data. Attacks are described as remote, with the exploit publicly disclosed. Multiple conne...

CVSS 7.5 | AI score 5.1 | EPSS 0.00102
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2024/03/07 9:31 p.m. | 12 views

CVE-2024-2265 keerti1924 PHP-MYSQL-User-Login-System login.sql inclusion of sensitive information in source code

A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. This affects an unknown part of the file login.sql. The manipulation leads to inclusion of sensitive information in source code. It is possible to initiate the attack remotely. The explo...

CVSS 5.3 | AI score 5.2 | EPSS 0.00102
Exploits: 1 | References: 3

OSV
added 2024/03/06 11:23 a.m. | 16 views

BIT-GITLAB-2020-13261

Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code...

CVSS 5.3 | AI score 4.2 | EPSS 0.00177
Exploits: 0 | References: 4

OSV
added 2024/03/06 11:11 a.m. | 14 views

BIT-GITLAB-2023-1178

An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a...

CVSS 5.7 | AI score 5.6 | EPSS 0.09198
Exploits: 0 | References: 4

OSV
added 2024/03/06 11:5 a.m. | 19 views

BIT-GITLAB-2023-3413 Insertion of Sensitive Information Into Sent Data in GitLab

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to...

CVSS 7.5 | AI score 6.6 | EPSS 0.00221
Exploits: 0 | References: 3

OSV
added 2024/03/06 10:57 a.m. | 23 views

BIT-GRAFANA-2022-26148

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in...

CVSS 9.8 | AI score 9.4 | EPSS 0.87225
Exploits: 1 | References: 3

OSV
added 2024/03/06 10:56 a.m. | 19 views

BIT-GOLANG-2023-24537 Infinite loop in parsing in go/scanner

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...

CVSS 7.5 | AI score 8.8 | EPSS 0.00016
Exploits: 0 | References: 7

OSV
added 2024/03/06 10:55 a.m. | 16 views

BIT-GITLAB-2023-6051 Improper Control of Generation of Code ('Code Injection') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag...

CVSS 6.5 | AI score 5.9 | EPSS 0.00194
Exploits: 0 | References: 3

OSV
added 2024/03/06 10:50 a.m. | 18 views

BIT-AIRFLOW-2023-50944 Apache Airflow: Bypass permission verification to read code of other dags

Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version...

CVSS 6.5 | AI score 6.2 | EPSS 0.00146
Exploits: 0 | References: 4

Packet Storm
added 2024/03/06 12:0 a.m. | 446 views

Customer Support System 1.0 SQL Injection

Exploit Title: Customer Support System 1.0 - Multiple SQL injection vulnerabilities Date: 15/12/2023 Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...

CVSS 8.8 | AI score 7.4 | EPSS 0.11072
Exploits: 6

BDU FSTEC
added 2024/03/06 12:0 a.m. | 1 views

The vulnerability of the software used for creating, monitoring, and orchestrating data processing scenarios in Airflow lies in the ability to disclose information in error-prone areas of the data. This allows attackers to gain access to the source code of DAGs.

The vulnerability of the software used for creating, monitoring, and orchestrating data processing scenarios in Airflow is related to the disclosure of information in the error-prone data area. Exploiting this vulnerability can allow a malicious actor to gain access to the source code of the DAG...

CVSS 5.5 | AI score 6.2 | EPSS 0.00051
Exploits: 0 | References: 6 | Affected Software: 1

RedhatCVE
added 2024/03/04 6:27 p.m. | 37 views

CVE-2023-52581

A use-after-free flaw was found in the Linux kernel’s nftables sub-component due to a race problem between the set GC and transaction in the Linux Kernel. This flaw allows a local attacker to crash the system. This flaw is similar to the previous CVE-2023-4244 but for a different part of the sour...

CVSS 7 | AI score 6.6 | EPSS 0.00016
Exploits: 0 | References: 4

0day.today
added 2024/03/04 12:0 a.m. | 242 views

Simple Student Attendance System v1.0 - Time Based Blind SQL Injection Vulnerability

Exploit Title: Simple Student Attendance System - Time Based Blind SQL Injection Exploit Author: Gnanaraj Mauviel @0xm3m Vendor: oretnom23 Vendor Homepage: https://www.sourcecodester.com/php/17018/simple-student-attendance-system-using-php-and-mysql.html Software Link:...

AI score 7.4
Exploits: 0

Packet Storm
added 2024/03/04 12:0 a.m. | 188 views

AC Repair And Services System 1.0 SQL Injection

Exploit Title: AC Repair and Services System v1.0 - Multiple SQL Injection Date: 27 December 2023 Exploit Author: Gnanaraj Mauviel @0xm3m Vendor: oretnom23 Vendor Homepage: https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html...

AI score 7.4
Exploits: 0

Exploit DB
added 2024/03/03 12:0 a.m. | 310 views

Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection

Exploit Title: Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection Date: 26 December 2023 Exploit Author: Gnanaraj Mauviel @0xm3m Vendor: oretnom23 Vendor Homepage:...

AI score 7.4
Exploits: 0

The Hacker News
added 2024/03/02 6:23 a.m. | 64 views

U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp

A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other remote access trojans to Meta as part of the social media giant's ongoing litigation against the Israeli spyware vendor. The decision marks a major legal victory for Meta, which filed the lawsuit in October 2019...

CVSS 9.8 | AI score 9.7 | EPSS 0.47368
Exploits: 0