21 matches found
EUVD-2020-0323
Malware in sbrugna...
EUVD-2022-5338
Malicious code in bioql PyPI...
Security update for httpcomponents-client, httpcomponents-core
This update for httpcomponents-client, httpcomponents-core fixes the following issues: httpcomponents-client: - Update to version 4.5.14 HTTPCLIENT-2206: Corrected resource de-allocation by fluent response objects. HTTPCLIENT-2174: URIBuilder to return a new empty list instead of unmodifiable...
OPENSUSE-SU-2024:14478-1 httpcomponents-client-4.5.14-1.1 on GA media
These are all security issues fixed in the httpcomponents-client-4.5.14-1.1 package on the GA media of openSUSE Tumbleweed...
Elide Authorization Issues Vulnerability
Elide is a self-contained Java library for building JSON-API and GraphQL web services for web and mobile applications. An authorization vulnerability exists in versions of Elide prior to 4.5.14: read permissions are not enforced on fields referenced in client-supplied filter expressions, so a client can filter a collection on a field it is not permitted to read and infer that field's value from the result...
GHSA-2MXR-89GF-RC4V Read permissions not enforced for client provided filter expressions in Elide.
Impact It is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence ...
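The guess-and-check oracle described above, as an added example that is not Elide's code (Elide is Java; this is a Python illustration of the technique): a toy collection endpoint that checks read permissions on the response projection but not on the filter, the enumeration an adversary runs against it, and the fixed variant that rejects filters on unreadable fields. The `User` model, the `READ_PERMS` table, the `=prefix=` filter grammar and the sample rows are all constructed for this example.

```python
import re
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    name: str        # readable by every role in this constructed model
    api_token: str   # constructed secret field: admins only


# Constructed sample data and a constructed per-field read-permission table.
USERS = [User(1, "alice", "tok-7f3a"), User(2, "bob", "tok-c0de")]
READ_PERMS = {
    "id": {"user", "admin"},
    "name": {"user", "admin"},
    "api_token": {"admin"},
}

# Constructed mini filter grammar: <field>==<value> or <field>=prefix=<value>.
FILTER_RE = re.compile(r"^(\w+)(==|=prefix=)(.*)$")


class PermissionDenied(Exception):
    pass


def parse_filter(expr):
    m = FILTER_RE.match(expr)
    if not m:
        raise ValueError(f"bad filter expression: {expr!r}")
    return m.group(1), m.group(2), m.group(3)


def _matches(user, field, op, value):
    actual = getattr(user, field)
    return actual == value if op == "==" else actual.startswith(value)


def _project(user, role):
    """Response projection: only fields the role may read are returned."""
    return {f: getattr(user, f) for f, roles in READ_PERMS.items() if role in roles}


def list_users_unenforced(role, filter_expr):
    """Vulnerable shape: the projection is permission-checked, the filter is not."""
    field, op, value = parse_filter(filter_expr)
    if field not in READ_PERMS:
        raise ValueError(f"unknown field: {field!r}")
    return [_project(u, role) for u in USERS if _matches(u, field, op, value)]


def list_users_enforced(role, filter_expr):
    """Fixed shape: every field referenced by the filter needs read permission too."""
    field, _op, _value = parse_filter(filter_expr)
    if role not in READ_PERMS.get(field, set()):
        raise PermissionDenied(f"role {role!r} may not filter on {field!r}")
    return list_users_unenforced(role, filter_expr)


def oracle_extract(endpoint, role, field, target_name, alphabet, max_len=32):
    """Guess-and-check: extend a prefix one character at a time. The target's
    row appearing in the filtered collection confirms the guessed prefix."""
    prefix = ""
    for _ in range(max_len):
        for ch in alphabet:
            rows = endpoint(role, f"{field}=prefix={prefix + ch}")
            if any(r.get("name") == target_name for r in rows):
                prefix += ch
                break
        else:
            return prefix  # no character extends the prefix: value recovered
    return prefix


if __name__ == "__main__":
    alphabet = string.ascii_lowercase + string.digits + "-"
    print("leaked:", oracle_extract(list_users_unenforced, "user", "api_token", "alice", alphabet))
    try:
        oracle_extract(list_users_enforced, "user", "api_token", "alice", alphabet)
    except PermissionDenied as e:
        print("blocked:", e)
```

The low-privileged role never sees `api_token` in any response; it only needs one readable field (`name`) to tell whether the filtered row came back. The fix is the one the advisory points at: treat every field named in a filter as a read of that field and apply the same permission check as for the projection, rather than trying to limit which operators a client may use.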
Information disclosure
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of serv...
Samba Server 'SMB 1/2/3' MitM Vulnerability (CVE-2017-12150)
Samba is prone to a MitM vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:samba:samba"; if(description)...
Samba Server 'SMB3' MitM Vulnerability (CVE-2017-12151)
Samba is prone to a MitM vulnerability. Greenbone AG vulnerability test (GPL-2.0-only), CPE = "cpe:/a:samba:samba"...
Samba Server 'SMB1' Memory Information Leak Vulnerability (CVE-2017-12163)
Samba is prone to a memory information leak vulnerability. Greenbone AG vulnerability test (GPL-2.0-only), CPE = "cpe:/a:samba:samba"...
SMB3 connections don't keep encryption across DFS redirects
Description: Client command line tools like 'smbclient' as well as applications using the 'libsmbclient' library have support for requiring encryption. This is activated by the '-e|--encrypt' command line option or the smbc_setOptionSmbEncryptionLevel library call. By default, only SMB1 is used in orde...
[SECURITY] [DSA 2445-1] typo3-src security update
Debian Security Advisory DSA-2445-1, security@debian.org, http://www.debian.org/security/, Florian Weimer, March 31, 2012, http://www.debian.org/security/faq...
Debian DSA-1945-1 : gforge - symlink attack
Sylvain Beucler discovered that gforge, a collaborative development tool, is prone to a symlink attack, which allows local users to perform a denial of service attack by overwriting arbitrary files. For the oldstable distribution (etch), this problem has been fixed in version 4.5.14-22etch13...
Sql injection
SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly other versions allows remote attackers to execute arbitrary SQL commands via unknown vectors...
CVE-2009-3303
CVE-2009-3303 affects GForge and its help/tracker.php script. Versions 4.5.14, 4.7 rc2, and 4.8.1 are vulnerable to a cross-site scripting (XSS) flaw via the helpname parameter due to insufficient input sanitising. The issue allows remote attackers to inject arbitrary HTML/script content into a u...
CVE-2009-4069
CVE-2009-4069 affects GForge, with multiple cross-site scripting (XSS) vulnerabilities reported in at least GForge 4.5.14 and 4.7.3 (and possibly other versions). Attackers can inject arbitrary web script or HTML via unspecified vectors. The Red Hat, Debian, and Ubuntu entries reiterate XSS issue...
Debian DSA-1818-1 : gforge - insufficient input sanitising
Laurent Almeras and Guillaume Smet have discovered a possible SQL injection vulnerability and cross-site scripting vulnerabilities in gforge, a collaborative development tool. Due to insufficient input sanitising, it was possible to inject arbitrary SQL statements and use several parameters to...
Debian Security Advisory DSA 1698-1 (gforge)
The remote host is missing an update to gforge announced via advisory DSA 1698-1. OpenVAS Vulnerability Test ($Id: deb16981.nasl 6615 2017-07-07 12:09:52Z cfischer $). Description: auto-generated from advisory DSA 1698-1 gforge. Authors: Thomas Reinke. Copyright (c) 2009 E-Soft Inc...
DSA-1698-1 gforge - SQL injection
Bulletin has no description...
Design/Logic Flaw
The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances...
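The truncate-then-write pattern above, shown next to the usual remedy, as an added example that is not GForge's code (GForge's include.pl is Perl; this is a Python illustration of the same file-update technique). The `observe` hook stands in for any other process that reads the configuration during the update window, and the file name and contents are constructed for the example.

```python
import os
import tempfile


def update_truncating(path, new_text, observe=None):
    """The pattern the CVE describes: opening for write truncates the file to
    zero length immediately; the new contents only arrive afterwards. Anything
    that reads the file in between sees an empty config, and a crash in that
    window leaves it empty for good."""
    with open(path, "w") as f:
        if observe:
            observe()          # constructed hook: stands in for a concurrent reader
        f.write(new_text)


def update_atomic(path, new_text, observe=None):
    """Write the new contents to a temporary file in the same directory, fsync
    it, copy the original's permission bits, then rename it over the original.
    Readers see either the complete old file or the complete new one."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(prefix=".cfg-", dir=directory)  # created mode 0600
    try:
        with os.fdopen(fd, "w") as f:
            f.write(new_text)
            f.flush()
            os.fsync(f.fileno())
        try:
            os.chmod(tmp, os.stat(path).st_mode & 0o7777)
        except FileNotFoundError:
            pass                # first write: keep mkstemp's restrictive 0600
        if observe:
            observe()          # the original is still intact at this point
        os.replace(tmp, path)  # atomic rename within one filesystem
    except BaseException:
        try:
            os.unlink(tmp)
        except OSError:
            pass
        raise


def demo(updater):
    """Run `updater` on a constructed config file in a scratch directory and
    return (contents a reader saw mid-update, final contents)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "local.inc")
        with open(path, "w") as f:
            f.write("db_pass = old-secret\n")
        seen = {}

        def observe():
            with open(path) as f:
                seen["mid"] = f.read()

        updater(path, "db_pass = new-secret\n", observe)
        with open(path) as f:
            return seen["mid"], f.read()


if __name__ == "__main__":
    print("truncate-then-write:", demo(update_truncating))
    print("temp-file-and-rename:", demo(update_atomic))
```

The temporary file must live in the same directory as the target so the final `os.replace` is a same-filesystem rename; `mkstemp` creates it with mode 0600, so a config holding secrets is never world-readable in transit, and the explicit `chmod` afterwards restores whatever mode the original had rather than widening it.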