25 matches found
CVE-2023-22514
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.8 and a CVSS Vector of CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, which allows an...
WordPress Branda Plugin <= 3.4.14 is vulnerable to Bypass Vulnerability
Software: Branda; Type: Plugin; Vulnerable versions: = 3.4.14; Fixed in: 3.4.15; OWASP Top 10: A5: Security Misconfiguration; Classification: Bypass Vulnerability; CVE: CVE-2023-51542; Patch priority: Low; CVSS severity: Low 5.3; Developer: WPMU DEV; PSID: 6298c3f8ebb2; Credits: Brandon Roldan; Required privilege...
Statamic CMS vulnerable to remote code execution via form uploads
Impact: Similar to another advisory, certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fields in the control panel. Patches: It has been patched in 3.4.14 and...
GHSA-2R53-9295-3M86 Statamic CMS vulnerable to remote code execution via form uploads
Impact: Similar to another advisory, certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fields in the control panel. Patches: It has been patched in 3.4.14 and...
Input validation
Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fiel...
Atlassian Sourcetree Remote Code Execution Vulnerability
Atlassian Sourcetree is a free Git and Mercurial client tool from Atlassian Australia that manages repositories using a visual interface. A remote code execution vulnerability exists in Atlassian Sourcetree version 3.4.14, which stems from a security flaw in a component or feature that allows an...
CVE-2021-4185 affecting package wireshark for versions less than 3.4.14-1
CVE-2021-4185 affecting package wireshark for versions less than 3.4.14-1. An upgraded version of the package is available that resolves this issue...
CVE-2021-22222 affecting package wireshark for versions less than 3.4.14-1
CVE-2021-22222 affecting package wireshark for versions less than 3.4.14-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-0585 affecting package wireshark for versions less than 3.4.14-1
CVE-2022-0585 affecting package wireshark for versions less than 3.4.14-1. An upgraded version of the package is available that resolves this issue...
CVE-2021-39929 affecting package wireshark for versions less than 3.4.14-1
CVE-2021-39929 affecting package wireshark for versions less than 3.4.14-1. An upgraded version of the package is available that resolves this issue...
CVE-2021-39923 affecting package wireshark for versions less than 3.4.14-1
CVE-2021-39923 affecting package wireshark for versions less than 3.4.14-1. An upgraded version of the package is available that resolves this issue...
CVE-2021-22235 affecting package wireshark for versions less than 3.4.14-1
CVE-2021-22235 affecting package wireshark for versions less than 3.4.14-1. An upgraded version of the package is available that resolves this issue...
AZL-8635 CVE-2022-0585 affecting package wireshark for versions less than 3.4.14-1
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file...
AZL-8614 CVE-2022-0586 affecting package wireshark for versions less than 3.4.14-1
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file...
AZL-8612 CVE-2022-0581 affecting package wireshark for versions less than 3.4.14-1
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file...
AZL-7417 CVE-2021-4181 affecting package wireshark for versions less than 3.4.14-1
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file...
AZL-7420 CVE-2021-4185 affecting package wireshark for versions less than 3.4.14-1
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file...
AZL-7412 CVE-2021-39924 affecting package wireshark for versions less than 3.4.14-1
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file...
AZL-7411 CVE-2021-39923 affecting package wireshark for versions less than 3.4.14-1
Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file...
AZL-7414 CVE-2021-39926 affecting package wireshark for versions less than 3.4.14-1
Buffer overflow in the Bluetooth HCIISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file...