17 matches found

Hacker One
added 2025/11/16 7:32 a.m., 11 views

curl: Double-free vulnerability in libcurl with rustls via NoServerCertVerifier condition leads to application crash

Summary: There is a double-free in libcurl with rustls. The root cause is reported and it is fixed in https://github.com/curl/curl/pull/19425, while I did not try to evaluate the actual triggering at that time. No AI was used to find the issue or generate the report. Affected version It was...

6.7 AI score
Exploits: 0

CNNVD
added 2025/11/08 12:0 a.m., 4 views

Calibre security vulnerability

Calibre is an open source free all-in-one eBook reading management and format conversion tool. An input validation error vulnerability exists in Calibre 8.13.0 and earlier versions, which stems from handling binary resources in FB2 files without validating the filename, and can be exploited by an...

9.3 CVSS, 7.5 AI score, 0.00042 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/05/01 12:0 a.m., 2 views

Elastic Kibana security vulnerability

Elastic Kibana is an available data visualization dashboard software from Elastic. A security vulnerability exists in Elastic Kibana versions prior to 8.13.0 that stems from insufficient server-side validation resulting in an authenticated attacker being able to upload malicious files...

4.3 CVSS, 6.5 AI score, 0.00189 EPSS
Exploits: 0, References: 1

Elastic
added 2024/07/31 5:12 p.m., 6 views

Elasticsearch 8.13.0/7.17.23 Security Update (ESA-2024-12)

Elasticsearch elasticsearch-certutil csr fails to encrypt private key ESA-2024-12 It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is...

7.5 CVSS, 6.9 AI score, 0.01483 EPSS
Exploits: 0

Github Security Blog
added 2024/03/27 6:32 p.m., 29 views

Elasticsearch Incorrect Authorization vulnerability

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

6.5 CVSS, 7.1 AI score, 0.00341 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2024/03/27 6:32 p.m., 24 views

GHSA-R3HX-QFH5-R9M7 Elasticsearch Incorrect Authorization vulnerability

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

4.4 CVSS, 5.7 AI score, 0.00341 EPSS
Exploits: 0, References: 3

NVD
added 2024/03/27 6:15 p.m., 4 views

CVE-2024-23451

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

6.5 CVSS, 5.2 AI score, 0.00341 EPSS
Exploits: 0, References: 1

Elastic
added 2024/03/27 4:53 p.m., 5 views

Elasticsearch 8.13.0 Security Update (ESA-2024-07)

Elasticsearch Improper Authorization in the Remote Cluster Security API key based security model ESA-2024-07 It was identified by the Elastic engineering team that the API key based security model for Remote Cluster Security, which is currently in Beta, is affected by an improper authorization...

6.5 CVSS, 6.9 AI score, 0.00341 EPSS
Exploits: 0

CNNVD
added 2024/03/27 12:0 a.m., 2 views

Elasticsearch security vulnerability

Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch versions prior to 8.13.0 that stems from an incorrect authorization issue in the API key-based security model, allowing an attacker with a remote cluster API key to read arbitrary...

6.5 CVSS, 6.2 AI score, 0.00341 EPSS
Exploits: 0, References: 4

Atlassian
added 2023/10/06 5:45 p.m., 51 views

FasterXML Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5 CVSS, 7.9 AI score, 0.00317 EPSS
Exploits: 2

OpenVAS
added 2023/05/17 12:0 a.m., 38 views

Tenable Nessus < 8.13.0 XSS Vulnerability (TNS-2020-10)

Tenable Nessus is prone to a cross-site scripting (XSS) vulnerability in jQuery. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.9 CVSS, 7 AI score, 0.02456 EPSS
Exploits: 7, References: 1

OSV
added 2020/10/12 4:15 a.m., 0 views

CVE-2020-14184

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1...

5.4 CVSS, 6.2 AI score, 0.00228 EPSS
Exploits: 0, References: 1

NVD
added 2020/10/12 4:15 a.m., 15 views

CVE-2020-14184

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1...

5.4 CVSS, 0.00228 EPSS
Exploits: 0, References: 1

Cvelist
added 2020/10/12 3:15 a.m., 11 views

CVE-2020-14184

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1...

5.3 AI score, 0.00228 EPSS
Exploits: 0, References: 1

Atlassian
added 2020/10/11 11:20 p.m., 22 views

Security improvements to the Velocity Uberspector

This ticket documents an improvement to the Velocity Uberspector's security, locking down which classes can be accessed. This change is a defence-in-depth against potential Remote Code Execution (RCE) and Injection attacks. The versions which do not have this improvement are before version 8.12.3...

6.3 AI score
Exploits: 0

NVD
added 2017/03/28 2:59 a.m., 16 views

CVE-2016-9469

Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix...

8.2 CVSS, 8.1 AI score, 0.00135 EPSS
Exploits: 1, References: 6

Tenable Nessus
added 2004/09/03 12:0 a.m., 14 views

Ipswitch IMail Server < 8.13.0 Multiple Vulnerabilities

Binary data 2256.prm...

5 CVSS, 7.3 AI score, 0.00577 EPSS
Exploits: 0, References: 2