18 matches found

Positive Technologies
added 2026/03/18 12:0 a.m. · 3 views

PT-2026-26157

OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1, the Repositories module did not properly escape filenames displayed from repositories. This allowed an attacker with push access into the repository to create commits wit...

CVSS 9 · AI score 5.8 · EPSS 0.00045
Exploits 0 · References 8
Tenable Nessus
added 2026/02/05 12:0 a.m. · 3 views

F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM vulnerability (K000158072)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3. It is, therefore, affected by a vulnerability as referenced in the K000158072 advisory. When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with condition...

CVSS 8.2 · AI score 5.9 · EPSS 0.00088
Exploits 0 · References 2
Tenable Nessus
added 2025/10/15 12:0 a.m. · 1 view

F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM vulnerability (K000154664)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 17.1.3 / 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000154664 advisory. When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests...

CVSS 8.7 · AI score 5.6 · EPSS 0.00087
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-3301

Malicious code in bioql PyPI...

CVSS 8.7 · AI score 6.3 · EPSS 0.00081
Exploits 0 · References 6
RedhatCVE
added 2025/05/23 8:26 a.m. · 2 views

CVE-2024-49770

oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default oak does not allow transferring of hidden files with Context.send API. However, prior to version 17.1.3, this can be bypassed by encoding / as its URL encoded...

CVSS 8.7 · AI score 6.9 · EPSS 0.00081
Exploits 0 · References 1
OSV
added 2024/11/01 4:16 p.m. · 11 views

CVE-2024-49770 oak's path traversal allows transfer of hidden files within the served root directory

oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default oak does not allow transferring of hidden files with Context.send API. However, prior to version 17.1.3, this can be bypassed by encoding / as its URL encoded...

CVSS 8.7 · AI score 6.6 · EPSS 0.00081
Exploits 0 · References 6
Cvelist
added 2024/11/01 4:16 p.m. · 22 views

CVE-2024-49770 oak's path traversal allows transfer of hidden files within the served root directory

oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default oak does not allow transferring of hidden files with Context.send API. However, prior to version 17.1.3, this can be bypassed by encoding / as its URL encoded...

CVSS 8.7 · EPSS 0.00081
Exploits 0 · References 4
Vulnrichment
added 2024/11/01 4:16 p.m. · 13 views

CVE-2024-49770 oak's path traversal allows transfer of hidden files within the served root directory

oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default oak does not allow transferring of hidden files with Context.send API. However, prior to version 17.1.3, this can be bypassed by encoding / as its URL encoded...

CVSS 8.7 · AI score 7 · EPSS 0.00081
Exploits 0 · References 4
CNNVD
added 2024/11/01 12:0 a.m. · 2 views

oak security vulnerability

oak is a middleware framework from oak open source. A security vulnerability exists in oak versions prior to 17.1.3. An attacker exploiting the vulnerability can read sensitive user data or gain access to server secrets...

CVSS 8.7 · AI score 6.4 · EPSS 0.00081
Exploits 0 · References 4
Positive Technologies
added 2024/11/01 12:0 a.m. · 2 views

PT-2024-33679 · Oak · Oak

Name of the Vulnerable Software and Affected Versions: oak versions prior to 17.1.3. Description: The issue allows an attacker to bypass the default restriction on transferring hidden files using the Context.send API by encoding / as its URL encoded form %2F. This can potentially lead to reading...

CVSS 8.7 · AI score 7.1 · EPSS 0.00081
Exploits 0 · References 11
Tenable Nessus
added 2024/10/21 12:0 a.m. · 11 views

Adobe After Effects < 17.1.3 Multiple Arbitrary Code Execution (APSB20-62) (macOS)

The version of Adobe After Effects installed on the remote macOS host is prior to 17.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB20-62 advisory. - Adobe After Effects version 17.1.1 and earlier for Windows is affected by an uncontrolled search path...

CVSS 9.3 · AI score 8.3 · EPSS 0.024
Exploits 0 · References 3
OSV
added 2024/09/27 4:37 p.m. · 18 views

RHSA-2024:4274 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.3 (openstack-nova) security update

Bulletin has no description...

CVSS 8.8 · AI score 6.1 · EPSS 0.00214
Exploits 0 · References 9
OSV
added 2024/09/27 4:37 p.m. · 16 views

RHSA-2024:4272 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.3 security update

Bulletin has no description...

CVSS 8.8 · AI score 6.1 · EPSS 0.00214
Exploits 0 · References 9
Tenable Nessus
added 2024/08/07 12:0 a.m. · 23 views

RHEL 9 : Red Hat OpenStack Platform 17.1.3 (RHSA-2024:5083)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:5083 advisory. Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service IaaS cloud...

CVSS 6.5 · AI score 5.6 · EPSS 0.00835
Exploits 1 · References 4
Tenable Nessus
added 2024/07/24 12:0 a.m. · 33 views

GitLab 16.11 < 17.0.5 / 17.1 < 17.1.3 / 17.2 < 17.2.1 (CVE-2024-5067)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level...

CVSS 4.9 · AI score 5.6 · EPSS 0.00116
Exploits 1 · References 6
Tenable Nessus
added 2024/07/24 12:0 a.m. · 15 views

GitLab 16.7 < 17.0.5 / 17.1 < 17.1.3 / 17.2 < 17.2.1 (CVE-2024-7057)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job...

CVSS 4.3 · AI score 5.6 · EPSS 0.00248
Exploits 0 · References 4
OSV
added 2022/07/22 12:0 a.m. · 1 view

GHSA-MHXJ-85R3-2X55 file-type vulnerable to Infinite Loop via malformed MKV file

An issue was discovered in the file-type package from 13.0.0 until 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack when...

CVSS 7.5 · AI score 5.8 · EPSS 0.00171
Exploits 0 · References 11
Positive Technologies
added 2021/08/23 12:0 a.m. · 2 views

PT-2021-22236 · Openstack +3 · Openstack Neutron +3

Name of the Vulnerable Software and Affected Versions: OpenStack Neutron versions prior to 16.4.1; OpenStack Neutron 17.x versions prior to 17.1.3; OpenStack Neutron version 18.0.0. Description: The issue allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on ...

CVSS 9.1 · AI score 5.7 · EPSS 0.01348
Exploits 3 · References 39