15 matches found
Astra Linux - уязвимость в node-qs
The qs format used before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process to hang for an Express application. This is because the proto key can be exploited. In many typical Express use cases, an unauthenticated remote attacker can insert the...
CVE-2026-31859
Craft is a content management system CMS. The fix for CVE-2025-35939 in craftcms/cms introduced a striptags call in src/web/User.php to sanitize return URLs before they are stored in the session. However, striptags only removes HTML tags angle brackets -- it does not inspect or filter URL schemes...
EUVD-2023-3008
Malicious code in bioql PyPI...
EUVD-2023-3065
Malicious code in bioql PyPI...
CVE-2025-3438
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. This is due to a lack of restriction of role when registering. This makes it possible for unauthenticated attackers to to...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.17.3 security update
Red Hat OpenShift Container Platform release 4.17.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...
CVE-2023-47112
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and...
CVE-2023-48222
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or...
CVE-2023-48222 Authenticated users can view or delete jobs they do not have authorization for in Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or...
CVE-2023-48222 Authenticated users can view or delete jobs they do not have authorization for in Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or...
Rundeck Security Breach
Rundeck is an open source automation service with a web console, command line tools, and webAPI from Rundeck Inc. in the United States, which is primarily used to run automation tasks. A security vulnerability exists in Rundeck versions prior to 4.17.3, which stems from a vulnerability that could...
RHEL 8 : nodejs:14 (RHSA-2023:1742)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1742 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
K11414891: Linux Kernel vulnerability CVE-2018-13053
Security Advisory Description The alarmtimernsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktimeaddsafe is not used. CVE-2018-13053 Impact There is no impact; F5 products are not affected by this...
Linux kernel denial of service vulnerability (CNVD-2018-12668)
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A denial of service vulnerability exists in fs/f2fs/inode.c in 4.17.3 and earlier versions of the Linux kernel. An...
Linux kernel integer overflow vulnerability (CNVD-2018-16692)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An integer overflow vulnerability exists in the kernel/time/posix-timers.c file of the POSIX timer code in Linux kernel 4.17.3 and earlier. A local attacker could...