23 matches found
BIT-GOLANG-2020-7919
Go before 1.12.16 and 1.13.x before 1.13.7 and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go allows attacks on clients resulting in a panic via a malformed X.509 certificate...
Apache Subversion Server SEoL (1.13.x)
According to its version, Apache Subversion Server is 1.13.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
Fedora 35 : dbus (2022-7a963a79d1)
The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-7a963a79d1 advisory. Update to 1.12.24. Fix CVE-2022-42010, CVE-2022-42011, CVE-2022-42012. Tenable has extracted the preceding description block directly from the Fedora...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : DBus vulnerabilities (USN-5704-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5704-1 advisory. It was discovered that DBus incorrectly handled messages with invalid type signatures. A local attacker could possibl...
CVE-2022-42010
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures...
PT-2022-5137 · D-Bus +10
Name of the Vulnerable Software and Affected Versions: D-Bus versions 1.12.24 and earlier, 1.13.x, 1.14.x before 1.14.4, and 1.15.x before 1.15.2 Description: An issue was discovered in D-Bus where an authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when...
GHSA-G95P-88P4-76CM Cross-site Scripting in Gitea
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations...
CVE-2021-28378
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations...
Cross site scripting
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations...
CVE-2019-19901
An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying certain block descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute...
CVE-2019-19900
An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying content type names in the content creation interface. An attacker could potentially craft a specialized content type name, then have an editor execute...
Design/Logic Flaw
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling...
UBUNTU-CVE-2019-16276
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling...
Google Go Environmental Issues Vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from Google. An environment issue vulnerability exists in Google Go versions prior to 1.12.10 and 1.13.x prior to 1.13.1, which can be exploited by an attacker to bypass filters or perform a...
Kubernetes 1.11.x < 1.11.9 / 1.12.x < 1.12.7 / 1.13.x < 1.13.5 kubectl directory traversal
The version of Kubernetes installed on the remote host is version 1.11.x prior to 1.11.9, 1.12.x prior to 1.12.7 or 1.13.x prior to 1.13.5. It is, therefore, affected by a directory traversal vulnerability in the kubectl cp command due to mishandling of symlinks when copying files from a running...
Backdrop CMS Cross-Site Scripting Vulnerability
Backdrop CMS is an open source content management system (CMS). A cross-site scripting vulnerability exists in Backdrop CMS versions 1.12.x before 1.12.8 and 1.13.x before 1.13.3. The vulnerability stems from a lack of proper validation of client-side data in the web application. An attacker can...
Design/Logic Flaw
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML...
CVE-2015-7565
Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML...