14 matches found
MiracleLinux 7 : gimp-2.8.16-3.el7, gimp-help-2.8.2-1.el7 (AXSA:2016-1136:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-1136:01 advisory. gimp: GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other...
CVE-2022-38351
A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page...
CVE-2023-27167
Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?searchmonth=1...
RHBA-2020:4195 Red Hat Bug Fix Advisory: Ansible 2.8.16 release for Ansible Engine 2.8
Bulletin has no description...
WordPress Campaign Monitor for WordPress Plugin <= 2.8.15 is vulnerable to Sensitive Data Exposure
Software: Campaign Monitor for WordPress; Type: Plugin; Vulnerable versions: <= 2.8.15; Fixed in: 2.8.16; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6569; Patch priority: Low; CVSS severity: Low (5.3); PSID: 63abfd042be5; Credits...
CVE-2024-32476 Denial of Service via malicious jqPathExpressions in ignoreDifferences
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in versions 2.10.7, 2.9.12 and 2.8.16...
CVE-2024-32476 Denial of Service via malicious jqPathExpressions in ignoreDifferences
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in versions 2.10.7, 2.9.12 and 2.8.16...
CVE-2024-31990 Argo CD's API server does not enforce project sourceNamespaces
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulnerability is fixed in 2.10.7, 2.9.12, and 2.8.16...
CVE-2024-31990
CVE-2024-31990 affects Argo CD: the API server did not enforce project sourceNamespaces, enabling UI-edited resources that should be controlled by gitops. Connected sources confirm this issue in Argo CD and link to fixes in versions 2.10.7, 2.9.12, and 2.8.16. Remediation is upgrading to one of th...
PT-2024-24340 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.10.7; Argo CD versions prior to 2.9.12; Argo CD versions prior to 2.8.16. Description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces...
CVE-2022-31018 Denial of service binding form from JSON in Play Framework
Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in versions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the Form#bindFromRequest method on a JSON request body or the...
Lightbend Play Framework Security Vulnerability
Lightbend Play Framework is a web application framework written in the Scala language from Lightbend, Inc. A security vulnerability exists in Lightbend Play Framework prior to version 2.8.16, which originates from the easy generation of error messages containing sensitive information...
Scientific Linux Security Update : gimp on SL7.x x86_64 (20161103)
The following packages have been upgraded to a newer upstream version: gimp 2.8.16, gimp-help 2.8.2. Security Fixes : - Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially craft...
openSUSE Security Update : gimp (openSUSE-2016-822)
gimp was updated to version 2.8.16 to fix one security issue. This security issue was fixed : - CVE-2016-4994: Use-after-free vulnerabilities in the channel and layer properties parsing process (bsc#986021). These non-security issues were fixed : - Core : - Seek much less when writing XCF - Don't see...