13 matches found
GHSA-HX9Q-6W63-J58V orjson does not limit recursion for deeply nested JSON documents
The orjson.dumps function in orjson before 3.11.6 does not limit recursion for deeply nested JSON documents...
EUVD-1999-0381
Malware in sbrugna...
@adobe/helix-google-support (>=2.0.13 <=3.0.8), @adobe/helix-html-pipeline (>=3.4.2 <=5.0.11) +392 more potentially affected by CVE-2024-28176 via jose (>=3.11.6 <=4.15.4)
jose NPM version =3.11.6, =2.0.13, =3.4.2, =1.11.77, =8.3.7, =2.1.2, =1.6.0, =2.1.1, =1.5.3, =7.1.0, =0.1.0, =1.23.2, =0.1.1, =0.1.4 and more Source cves: CVE-2024-28176 Source advisory: OSV:GHSA-HHHV-Q57G-882Q...
PT-2023-24376 · Guanzhou Tozed Kangwei Intelligent Technology · Zlts10G
Name of the Vulnerable Software and Affected Versions: Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G version S10G 3.11.6 Description: A Cross-Site Request Forgery (CSRF) issue allows attackers to take over user accounts by sending a crafted POST request to the "/goform/goform set cmd process...
CVE-2023-3124 Elementor Pro <= 3.11.6 - Authenticated (Subscriber+) Privilege Escalation via update_page_option
The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update...
PT-2023-23260 · Elementor · Elementor Pro
Name of the Vulnerable Software and Affected Versions: Elementor Pro versions up to, and including, 3.11.6 Description: The issue allows authenticated attackers with subscriber-level capabilities to update arbitrary site options, potentially leading to privilege escalation, due to a missing...
SUSE CVE-2013-4299
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device...
@dci-lint/cmd-api-server (>=0.5.0 <=0.6.1), @dci-lint/test-api-client (>=0.5.0 <=0.6.1) +38 more potentially affected by CVE-2022-36083 via jose (>=3.11.6 <=3.20.3)
jose NPM version =3.11.6, =0.5.0, =0.5.0, =0.5.0, =0.1.0, =0.1.0, =0.0.3-3.12.3, =1.8.2-feat1608-jose3-915162334-6607-1623076209.0, =1.8.2-feat1608-jose3-915162334-6607-1623076209.0, =1.8.2-feat1608-jose3-915162334-6607-1623076209.0, =1.8.2-feat1608-jose3-915162334-6607-1623076209.0, =8.1.0,...
[SECURITY] Fedora 34 Update: moodle-3.11.6-1.fc34
Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...
CVE-1999-0381
CVE-1999-0381 affects the syslog utility in super 3.11.6 and other versions, where a buffer overflow allows a local user to gain root privileges. The issue originates from the syslog component, with the impact described as local privilege escalation (root). Available connected documents confirm t...
CVE-1999-0381
super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access...
CVE-1999-0381
super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access...
[SECURITY] New versions of super fixes security problem
Debian GNU/Linux Security May 08, 1998 We have received a report that versions super were displaying files even if the particular user should not be able to read them. This has been forwarded to the upstream author, William Deic...