46 matches found

CNNVD
added 2026/05/15 12:0 a.m., 6 views

APM – Agent Package Manager link following vulnerability

APM – Agent Package Manager is an open-source AI-based dependency management tool developed by Microsoft. Versions 0.5.4 to 0.12.4 of APM contain a link-following vulnerability. The vulnerability stems from calls to functions such as Path.glob and Path.rglob, which follow symbolic links. As a...

CVSS 7.4, AI score 5.8, EPSS 0.00069
Exploits: 0, References: 1

Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

MiracleLinux 4 : spice-server-0.12.0-12.AXS4.3 (AXSA:2013-596:04)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-596:04 advisory. The Simple Protocol for Independent Computing Environments SPICE is a remote display system built for virtual environments which allows you to view a computin...

CVSS 5, AI score 5.5, EPSS 0.01006
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-14330

Malware in sbrugna...

CVSS 8.5, AI score 8.6, EPSS 0.00726
Exploits: 0, References: 6

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-1872

Malware in sbrugna...

CVSS 7.5, AI score 8.5, EPSS 0.00568
Exploits: 1, References: 8

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-2845

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.4, EPSS 0.00128
Exploits: 0, References: 4

SUSE Linux
added 2025/02/03 9:18 a.m., 3 views

Security update for buildkit

This update for buildkit fixes the following issues: Update to version 0.12.5: update runc to v1.1.12 exec: add extra validation for submount sources fixes CVE-2024-23651, bsc1219267 oci: fix error handling on submount calls executor: recheck mount stub path within root after container run fixes...

CVSS 7.4, AI score 7.9, EPSS 0.10301
Exploits: 0, References: 12

Cvelist
added 2024/09/18 5:49 p.m., 11 views

CVE-2024-45601 Local file Inclusion via static file serving functionality in Mesop

Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validatio...

CVSS 7.5, EPSS 0.00128
Exploits: 0, References: 2

Vulnrichment
added 2024/09/18 5:49 p.m., 18 views

CVE-2024-45601 Local file Inclusion via static file serving functionality in Mesop

Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validatio...

CVSS 7.5, AI score 6.8, EPSS 0.00128
Exploits: 0, References: 2

OSV
added 2024/06/15 12:0 a.m., 10 views

OPENSUSE-SU-2024:10119-1 quassel-base-0.12.4-3.3 on GA media

These are all security issues fixed in the quassel-base-0.12.4-3.3 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 7.5, EPSS 0.02898
Exploits: 0, References: 3

CNNVD
added 2024/01/16 12:0 a.m., 4 views

WordPress plugin WPGraphQL WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability in the...

CVSS 5.3, AI score 6.9, EPSS 0.00568
Exploits: 2, References: 3

Positive Technologies
added 2024/01/16 12:0 a.m., 4 views

PT-2024-11510 · WordPress · Wpgraphql Woocommerce

Name of the Vulnerable Software and Affected Versions: WPGraphQL WooCommerce WordPress plugin versions prior to 0.12.4 Description: The issue allows unauthenticated attackers to enumerate a shop's coupon codes and values via GraphQL. This can be done through GraphQL endpoints, potentially exposin...

CVSS 5.3, AI score 5.1, EPSS 0.00568
Exploits: 2, References: 6

OSV
added 2023/06/25 11:5 a.m., 1 views

OESA-2023-1364 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to set up. Just include httplib.h file in your code. Security Fixes: Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the...

CVSS 8.8, AI score 7, EPSS 0.00189
Exploits: 0, References: 2

SUSE CVE
added 2023/05/31 11:21 p.m., 2 views

SUSE CVE-2023-26130

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. Note: This issue is present due...

CVSS 8.8, AI score 7.2, EPSS 0.00189
Exploits: 0, References: 4

OSV
added 2023/05/30 5:15 a.m., 1 views

DEBIAN-CVE-2023-26130

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. Note: This issue is present due...

CVSS 8.8, AI score 8, EPSS 0.00189
Exploits: 0, References: 1

CNNVD
added 2023/05/30 12:0 a.m., 1 views

cpp-httplib injection vulnerability

cpp-httplib is an HTTP/HTTPS server and client library written in C++. A security vulnerability exists in cpp-httplib versions prior to 0.12.4 that stems from vulnerability to CRLF injection, which can lead to logic errors and other misbehavior...

CVSS 8.8, AI score 7.8, EPSS 0.00189
Exploits: 0, References: 6

Positive Technologies
added 2023/05/30 12:0 a.m., 2 views

PT-2023-3153 · Yhirose · Cpp-Httplib

Name of the Vulnerable Software and Affected Versions: yhirose/cpp-httplib versions prior to 0.12.4 Description: The issue is related to the incomplete fix for a previous problem, which allows an attacker to inject arbitrary HTTP headers when untrusted user input is used to set the content-type...

CVSS 8.8, AI score 7.2, EPSS 0.00189
Exploits: 0, References: 18

SUSE CVE
added 2023/02/15 4:20 a.m., 2 views

SUSE CVE-2018-1000178

A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely...

CVSS 9.8, AI score 9.6, EPSS 0.01068
Exploits: 1, References: 3

SUSE CVE
added 2023/02/15 4:20 a.m., 2 views

SUSE CVE-2018-1000179

A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service...

CVSS 7.5, AI score 8.3, EPSS 0.00568
Exploits: 1, References: 3

SUSE CVE
added 2023/02/15 3:37 a.m., 2 views

SUSE CVE-2021-42586

A heap buffer overflow was discovered in copybytes in decoder2007.c in dwgread before 0.12.4 via a crafted dwg file...

CVSS 8.8, AI score 8.8, EPSS 0.00385
Exploits: 1, References: 3

SUSE CVE
added 2023/02/15 3:37 a.m., 1 views

SUSE CVE-2021-42585

A heap buffer overflow was discovered in copycompressedbytes in decoder2007.c in dwgread before 0.12.4 via a crafted dwg file...

CVSS 8.8, AI score 8.8, EPSS 0.00385
Exploits: 1, References: 3