23 matches found

Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-5259

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In affected versions of dojox NPM package, the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties...

CVSS 8.6 | AI score 6.8 | EPSS 0.00278
Exploits 1 | References 2

OSV
added 2024/07/01 11:18 a.m. | 9 views

BIT-HUBBLE-UI-BACKEND-2023-27594

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...

CVSS 7.3 | AI score 7 | EPSS 0.00057
Exploits 0 | References 4

OSV
added 2024/04/12 11:7 a.m. | 1 view

OESA-2024-1426 flatpak security update

flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions...

CVSS 10 | AI score 6.8 | EPSS 0.00698
Exploits 0 | References 3

OSV
added 2024/01/08 5:15 p.m. | 2 views

CVE-2024-21747

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting. This issue affects WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CR...

CVSS 4.9 | AI score 7.5
Exploits 0 | References 1

Vulnrichment
added 2024/01/08 4:48 p.m. | 1 view

CVE-2024-21747 WordPress WP ERP Plugin <= 1.12.8 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting. This issue affects WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CR...

CVSS 7.6 | AI score 6.6 | EPSS 0.00283
Exploits 0 | References 1

Positive Technologies
added 2024/01/08 12:0 a.m. | 2 views

PT-2024-19034 · Wedevs · Wedevs Wp Erp

Name of the Vulnerable Software and Affected Versions: weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting versions 1.12.8 and earlier. Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also...

CVSS 7.6 | AI score 6 | EPSS 0.00283
Exploits 0 | References 6

Patchstack
added 2024/01/05 12:0 a.m. | 5 views

WordPress WP ERP Plugin <= 1.12.8 is vulnerable to SQL Injection

Software: WP ERP; Type: Plugin; Vulnerable versions: <= 1.12.8; Fixed in: 1.12.9; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-21747; Patch priority: Medium; CVSS severity: Medium 7.6; Developer: Claim ownership; PSID: bff329846441; Credits: Arvandy; Required privilege: Accounting Manager...

CVSS 7.6 | AI score 6.8 | EPSS 0.00283
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2023/04/18 12:0 a.m. | 2 views

Cilium Log Information Disclosure Vulnerability

Cilium is an open source software. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. A logging information disclosure vulnerability exists in Cilium that stems from Cilium logging...

CVSS 7.2 | AI score 6.5 | EPSS 0.00071
Exploits 0 | References 2

NVD
added 2023/03/17 8:15 p.m. | 9 views

CVE-2023-27594

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...

CVSS 7.3 | AI score 5.2 | EPSS 0.00057
Exploits 0 | References 4

Cvelist
added 2023/03/17 7:56 p.m. | 12 views

CVE-2023-27594 Cilium vulnerable to potential network policy bypass when routing IPv6 traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...

CVSS 4.2 | AI score 7.3 | EPSS 0.00057
Exploits 0 | References 4

Positive Technologies
added 2023/03/17 12:0 a.m. | 2 views

PT-2023-21234 · Cilium · Cilium

Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.11.15; Cilium versions prior to 1.12.8; Cilium versions prior to 1.13.1. Description: Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...

CVSS 7.3 | AI score 6.9 | EPSS 0.00057
Exploits 0 | References 18

OSV
added 2023/03/16 4:15 p.m. | 0 views

DEBIAN-CVE-2023-28100

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the TIOCLINUX ioctl command instead of TIOCSTI. If a Flatpak app is run on a Linux...

CVSS 6.5 | AI score 7.4 | EPSS 0.00698
Exploits 0 | References 1

CNNVD
added 2023/03/16 12:0 a.m. | 0 views

Flatpak Security Vulnerability

Flatpak is an application virtualization system for Linux desktop application computer environments. A security vulnerability exists in Flatpak versions prior to 1.10.8, 1.12.x through 1.12.8, 1.14.x through 1.14.4, and 1.15.x through 1.15.4. An attacker could exploit the vulnerability to elevate...

CVSS 5 | AI score 7 | EPSS 0.00244
Exploits 0 | References 7

Oracle Linux
added 2023/01/12 12:0 a.m. | 51 views

dbus security update

1.12.8-23.0.1 - fix netlink poll: error 4 Zhenzhong Duan 1:1.12.8-23.1 - Fix CVE-2022-42010 2133644 - Fix CVE-2022-42011 2133638 - Fix CVE-2022-42012 2133632...

CVSS 6.5 | AI score 1 | EPSS 0.00208
Exploits 3

Snyk
added 2022/07/01 8:15 p.m. | 1 view

Incorrect Authorization

Overview std/net/url is a Go standard library package std/net/url Affected versions of this package are vulnerable to Incorrect Authorization. Go Vulnerability Report: The url.Parse function accepts URLs with malformed hosts, such that the Host field can have arbitrary suffixes that appear in...

CVSS 9.8 | AI score 7.1 | EPSS 0.02534
Exploits 1 | References 3

CNNVD
added 2022/06/09 12:0 a.m. | 4 views

Istio Buffer Error Vulnerability

Istio is a set of open platforms for connecting, managing, and securing microservices. Istio suffers from a buffer error vulnerability, which stems from the fact that an incorrectly formatted header sent to the Envoy in certain configurations may cause an unexpected memory access that could crash...

CVSS 9.8 | AI score 8.3 | EPSS 0.00424
Exploits 0 | References 9

Tenable Nessus
added 2022/05/09 12:0 a.m. | 50 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : docker-ce Multiple Vulnerabilities (NS-SA-2022-0044)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has docker-ce packages installed that are affected by multiple vulnerabilities: - net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications...

CVSS 9.8 | AI score 7 | EPSS 0.09843
Exploits 1 | References 7

OSV
added 2020/03/10 6:15 p.m. | 20 views

CVE-2020-5259

In affected versions of dojox NPM package, the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...

CVSS 8.6 | AI score 8.4
Exploits 0 | References 3

Prion
added 2020/03/10 6:15 p.m. | 16 views

Code injection

In affected versions of dojox NPM package, the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...

CVSS 5 | AI score 8.2 | EPSS 0.00278
Exploits 1 | References 3 | Affected Software 1

OSV
added 2019/08/13 9:15 p.m. | 3 views

AZL-78948 CVE-2019-14809 affecting package golang 1.25.7-1

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname nor Port, and is related to a non-numeric port number. For example, an...

CVSS 9.8 | AI score 7.2 | EPSS 0.02534
Exploits 1 | References 1