30 matches found

RedhatCVE
added 2026/01/09 9:51 a.m. · 2 views

CVE-2020-10241

An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF...

CVSS 8.8 · AI score 6.7 · EPSS 0.00351
Exploits 0 · References 1
OSV
added 2025/04/03 2:09 p.m. · 7 views

BIT-JOOMLA-2020-10239

An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users...

CVSS 8.8 · AI score 9.9 · EPSS 0.11008
Exploits 2 · References 2
OSV
added 2024/10/04 4:38 p.m. · 46 views

BIT-PYTHON-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

CVSS 7.5 · AI score 7.8 · EPSS 0.0013
Exploits 1 · References 38
CNNVD
added 2024/06/20 12:00 a.m. · 1 view

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...

CVSS 7.6 · AI score 7.4 · EPSS 0.00156
Exploits 0 · References 6
OSV
added 2024/05/14 3:43 p.m. · 2 views

CVE-2024-4316

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.9.16 due to insufficient input...

CVSS 5.4 · AI score 5.9 · EPSS 0.00229
Exploits 0 · References 2
Positive Technologies
added 2024/05/09 12:00 a.m. · 2 views

PT-2024-30351 · WordPress · Embedpress

Name of the Vulnerable Software and Affected Versions: EmbedPress plugin for WordPress versions up to and including 3.9.16 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers with...

CVSS 6.4 · AI score 6.2 · EPSS 0.00229
Exploits 0 · References 4
IBM Security Bulletins
added 2023/05/31 10:57 a.m. · 23 views

Security Bulletin: Vulnerabilities in Python below 3.9.16 affecting IBM Spectrum Protect Plus and its application agents for IBM Db2 and MongoDb2 using python.

Summary CVE-2020-10735 Python is vulnerable to a denial of service, caused by the failure to limit the amount of digits when converting text to int by the int type in PyLong_FromString. A remote attacker could exploit this vulnerability to consume all available resources. IBM Spectrum Protect Plus and its...

CVSS 7.5 · AI score 7.8 · EPSS 0.01445
Exploits 3 · Affected Software 1
Positive Technologies
added 2023/05/12 12:00 a.m. · 3 views

PT-2023-23593 · Unknown · Vert.X Stomp

Name of the Vulnerable Software and Affected Versions: Vert.x STOMP versions 3.1.0 through 3.9.16, Vert.x STOMP versions 4.0.0 through 4.4.2 Description: The Vert.x STOMP server processes client STOMP frames without checking that the client sent an initial CONNECT frame replied with a successful...

CVSS 6.5 · AI score 6.5 · EPSS 0.00353
Exploits 0 · References 7
Positive Technologies
added 2023/04/17 12:00 a.m. · 4 views

PT-2023-2417

Name of the Vulnerable Software and Affected Versions: vm2 versions up to 3.9.16 Description: The issue exists due to inadequate sanitization of special elements in the handleException function of the vm2 library, allowing a remote attacker to escape the sandbox and execute arbitrary code in the ho...

CVSS 10 · AI score 7.8 · EPSS 0.83683
Exploits 5 · References 21
ALT Linux
added 2023/03/27 12:00 a.m. · 44 views

Security fix for the ALT Linux 10 package python3 version 3.9.16-alt1

3.9.16-alt1, built March 27, 2023 by Grigory Ustinov in task 317117. March 21, 2023, Grigory Ustinov: Updated to upstream version 3.9.16. Closes: 45598. Fixes: CVE-2022-37454...

AI score 9.6 · EPSS 0.014
Exploits 1
Positive Technologies
added 2023/03/13 12:00 a.m. · 3 views

PT-2023-16292 · WordPress · Auto Featured Image

Name of the Vulnerable Software and Affected Versions: Auto Featured Image (Auto Post Thumbnail) WordPress plugin versions prior to 3.9.16 Description: The issue is caused by incorrect file extension validation, allowing any user with at least Author privileges to upload arbitrary files, such as PH...

CVSS 8.8 · AI score 8.8 · EPSS 0.00777
Exploits 1 · References 5
OpenVAS
added 2022/12/19 12:00 a.m. · 21 views

Python DoS Vulnerability (Oct 2022) - Linux

Python is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

CVSS 7.5 · AI score 7.8 · EPSS 0.0013
Exploits 1 · References 2
OpenVAS
added 2022/12/19 12:00 a.m. · 9 views

Python DoS Vulnerability (Oct 2022) - Mac OS X

Python is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

CVSS 7.5 · AI score 7.8 · EPSS 0.0013
Exploits 1 · References 2
OpenVAS
added 2022/11/22 12:00 a.m. · 28 views

Python <= 3.10.x Buffer Overflow Vulnerability - Linux

Python is prone to a buffer overflow vulnerability in the sha3 module. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9.8 · AI score 10 · EPSS 0.014
Exploits 1 · References 2
Microsoft CVE
added 2022/11/09 8:00 a.m. · 0 views

Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3 but users would need to make specific

...

CVSS 7.8 · AI score 7.6 · EPSS 0.00035
Exploits 0
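The entry above names both the exposure (forkserver listening on a Linux abstract-namespace socket, so any local user in the same network namespace can feed it pickles) and the workaround (multiprocessing.util.abstract_sockets_supported = False). The script below is an added example, not the advisory's or CPython's own code: it encodes the affected ranges exactly as the entry states them (any release line the entry does not mention is outside this check), applies the workaround, and then asks multiprocessing which kind of AF_UNIX address it would hand a new listener, since the forkserver obtains its listening address through the same helper. Function names such as is_affected and listener_address_kind are this example's own.

```python
"""Check for and work around the forkserver abstract-socket issue described above.

Added example, not part of the advisory. A leading NUL byte in an AF_UNIX
address marks the Linux abstract namespace, which has no file permissions;
a filesystem path inherits the owner-only temp directory multiprocessing
creates for it.
"""
import multiprocessing.connection
import multiprocessing.util
import os
import stat
import sys


def is_affected(version=sys.version_info, platform=sys.platform) -> bool:
    """Version ranges exactly as the advisory excerpt states them.

    Release lines the excerpt does not mention are not judged here; check them
    against their own advisory.
    """
    if not platform.startswith("linux"):
        return False  # abstract namespace sockets exist only on Linux
    major, minor, micro = version[0], version[1], version[2]
    if (major, minor) == (3, 9):
        return micro < 16
    if (major, minor) == (3, 10):
        return micro < 9
    return False


def apply_workaround() -> None:
    """The advisory's workaround: stop multiprocessing from choosing abstract sockets."""
    multiprocessing.util.abstract_sockets_supported = False


def workaround_applied() -> bool:
    """True once the flag is cleared (on interpreters without it, nothing to clear)."""
    return getattr(multiprocessing.util, "abstract_sockets_supported", False) is False


def listener_address_kind() -> str:
    """Report the kind of AF_UNIX address multiprocessing would pick right now.

    multiprocessing.connection.arbitrary_address is the helper the forkserver
    uses for its listening socket; an address starting with NUL is abstract.
    """
    addr = multiprocessing.connection.arbitrary_address("AF_UNIX")
    return "abstract" if addr.startswith("\0") else "filesystem"


def socket_dir_is_private(path: str) -> bool:
    """A filesystem socket only helps if its directory is owner-only (mode 0700)."""
    mode = stat.S_IMODE(os.stat(os.path.dirname(path)).st_mode)
    return mode == 0o700


def report() -> dict:
    """One-shot status: version exposure, start method and listener address kind."""
    return {
        "version": ".".join(str(p) for p in sys.version_info[:3]),
        "affected_by_version": is_affected(),
        "start_method": multiprocessing.get_start_method(allow_none=True),
        "listener_address": listener_address_kind(),
    }


if __name__ == "__main__":
    before = report()
    apply_workaround()
    after = report()
    print("before workaround:", before)
    print("after workaround: ", after)
    if after["listener_address"] == "filesystem":
        path = multiprocessing.connection.arbitrary_address("AF_UNIX")
        print("socket directory owner-only:", socket_dir_is_private(path))
```

Run it with the interpreter that actually hosts the forkserver; an "abstract" result before the workaround on an affected version is the condition the advisory describes, and the filesystem path reported afterwards sits in the 0700 directory multiprocessing creates, which is what keeps other local users out.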
OSV
added 2022/11/09 12:00 a.m. · 26 views

PSF-2022-10 Slow IDNA decoding with large strings

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

CVSS 7.5 · AI score 7.8 · EPSS 0.0013
Exploits 1 · References 1
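Two of the Python entries in this list, CVE-2020-10735 (the IBM bulletin above: str to int conversion with an unbounded number of digits) and CVE-2022-45061 (this PSF-2022-10 entry and BIT-PYTHON-2022-45061: quadratic IDNA decoding of an unreasonably long name), are CPU denial-of-service bugs reached by oversized strings. Patched interpreters add limits of their own, but an application that must run on mixed fleets wants a cap it controls. The following is an added example, not code from either advisory or from CPython: it wraps both operations with a length check that runs before the expensive path. The cap values and the names parse_int, decode_hostname and rejects are this example's choices.

```python
"""Bound untrusted input before it reaches CPython's int() and IDNA paths.

Added example (not from the advisories). The checks cost O(1) in the input
length, so a hostile multi-megabyte string is refused without ever touching
the slow conversion or decoding code.
"""
import sys

# Constructed limits for this example. 4300 matches the default digit limit a
# patched CPython reports via sys.get_int_max_str_digits(); 253 is the maximum
# length of a hostname on the wire, so nothing longer is a legitimate name.
MAX_INT_DIGITS = 4300
MAX_HOSTNAME_LEN = 253


def interpreter_limits_int_digits() -> bool:
    """True when this interpreter itself enforces a str->int digit limit."""
    getter = getattr(sys, "get_int_max_str_digits", None)
    return getter is not None and getter() > 0


def parse_int(text: str, max_digits: int = MAX_INT_DIGITS) -> int:
    """int() with the length check done *before* the conversion runs.

    Sign, surrounding whitespace and underscore separators are legal for
    int(), so only digit characters count towards the limit.
    """
    digits = text.strip().lstrip("+-").replace("_", "")
    if len(digits) > max_digits:
        raise ValueError(
            f"integer string has {len(digits)} digits; limit is {max_digits}"
        )
    return int(text)


def decode_hostname(name: bytes, max_len: int = MAX_HOSTNAME_LEN) -> str:
    """Decode an IDNA (punycode) hostname, refusing oversized input first.

    A real hostname never exceeds 253 bytes, so anything longer is dropped
    before the 'idna' codec, and its quadratic path, ever sees it.
    """
    if len(name) > max_len:
        raise ValueError(f"hostname of {len(name)} bytes exceeds {max_len}")
    return name.decode("idna")


def rejects(func, *args) -> bool:
    """Self-check helper: True when func(*args) raises ValueError."""
    try:
        func(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("interpreter enforces int digit limit:", interpreter_limits_int_digits())
    print("parse_int('  42 ') ->", parse_int("  42 "))
    print("5000-digit string rejected:", rejects(parse_int, "1" * 5000))
    print("decode_hostname(b'xn--bcher-kva.example') ->",
          decode_hostname(b"xn--bcher-kva.example"))
    print("254-byte hostname rejected:", rejects(decode_hostname, b"a" * 254))
```

The wrappers are deliberately independent of the interpreter's own fix: on a patched build int() would also refuse the 5000-digit string, but with a different error and only after the interpreter-wide limit has been reached, whereas the explicit cap gives the application one place to tune and one error message to log.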
OpenVAS
added 2022/04/21 12:00 a.m. · 13 views

Python Shell Command Injection Vulnerability (bpo-24778) - Linux

Python is prone to a shell command injection vulnerability in the mailcap module. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 8 · AI score 8.2 · EPSS 0.0087
Exploits 1 · References 5
OpenVAS
added 2022/04/21 12:00 a.m. · 14 views

Python Shell Command Injection Vulnerability (bpo-24778) - Windows

Python is prone to a shell command injection vulnerability in the mailcap module. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 8 · AI score 8.2 · EPSS 0.0087
Exploits 1 · References 5
CNVD
added 2020/04/22 12:00 a.m. · 3 views

Joomla! access control error vulnerability (CNVD-2020-25677)

Joomla! is an open source, cross-platform content management system (CMS) developed with PHP and MySQL by the U.S. Open Source Matters team. An access control error vulnerability exists in Joomla! versions 2.5.0 through 3.9.16, which stems from a failure to properly validate input and can...

CVSS 5.3 · AI score 6.9 · EPSS 0.00271
Exploits 1 · References 1
CNVD
added 2020/04/22 12:00 a.m. · 4 views

Joomla! access control error vulnerability (CNVD-2020-25678)

Joomla! is an open source, cross-platform content management system (CMS) developed with PHP and MySQL by the U.S. Open Source Matters team. An access control error vulnerability exists in Joomla! versions 3.8.8 through 3.9.16, which can be exploited by an attacker to make unauthorized...

CVSS 5.3 · AI score 6.8 · EPSS 0.00009
Exploits 0 · References 1