24 matches found
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.8.3 and prior to 10.8.x, 10.5.8 and prior to 10.5.x, 9.11.17 and prior to 9.11.x, 10.10.0 and prior to 10.10.x, and 10.9.3 and prior to 10.9.x,...
Jellyfin Web Cross-Site Scripting (XSS) via Collection Name
In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim...
CVE-2023-23635
In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim...
CVE-2023-23635
Jellyfin 10.8.x through 10.8.3 is affected by a stored XSS in the name of a collection that can exfiltrate the victim’s access tokens from localStorage. This is documented across multiple sources (NVD, Red Hat, GHSA, OSV, etc.). The vulnerability impact is limited to confidentiality through token...
CVE-2018-14364
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component...
Apple Mac OS X Multiple Vulnerabilities -01 (Mar 2015)
Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apple Mac OS X Multiple Vulnerabilities -08 (Sep 2014)
Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apple Mac OS X Multiple Vulnerabilities -04 (Sep 2014)
Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities
The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.5. The newer version contains multiple security-related fixes for the following components: - Apache - Bind - Certificate Trust Policy - CoreGraphics - ImageIO - Installer - IPSec - Kernel - Mobile Device Management -...
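Apple iOS 6 Special Arabic Characters Denial-of-Service Vulnerability
Apple iOS is the operating system for handheld devices developed by Apple. When Apple iOS 6 processes an email, SMS message, or microblog post containing certain special Arabic characters, the application crashes. This vulnerability is specific to iOS 6; iOS 7 does not show this behaviour. Chrome and Safari on Mac are also affected. Apple MacOS 10.8.x, Apple iOS 6. Temporary workaround: Sebug recommends upgrading to iOS 7 as needed. Vendor patch: Apple. The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://support.apple.com/...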
CVE-2013-3954
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive...
CVE-2013-3949
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the...
Design/Logic Flaw
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive...
Path traversal
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the...
Design/Logic Flaw
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call...
CVE-2013-3949
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the...
CVE-2013-3952
The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle...
CVE-2013-3954
CVE-2013-3954 affects Apple OS X/macOS kernels (e.g., OS X 10.8.x) where the posix_spawn API arguments to file/port actions are not properly validated. The underlying cause is insufficient bounds checking on data for file actions and port actions, enabling a local attacker to trigger a panic (DoS...
CVE-2013-3949
The CVE-2013-3949 entry concerns the XNU kernel used in Apple Mac OS X 10.8.x. The issue arises in the posix_spawn system call, which does not prevent the use of _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid/setgid programs. This enables local users to bypass intende...
CVE-2013-3952
The CVE affects Apple Mac OS X 10.8.x, specifically the XNU kernel’s fill_pipeinfo in bsd/kern/sys_pipe.c. The vulnerability allows local users to defeat KASLR by abusing the PROC_PIDFDPIPEINFO option to the proc_info system call on a kernel pipe handle. Potential impact is exposure of kernel add...