337 matches found
python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli
An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...
CVE-2024-21541
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not...
CVE-2024-21541
CVE-2024-21541 affects the npm package dom-iterator prior to version 1.0.1 . The vulnerability stems from use of the Function constructor without complete input sanitization, allowing an attacker-controlled input to generate a new function body, with risks similar to eval. This is corroborated by...
CVE-2024-49773
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. currentpost parameter in export entry point can be abused ...
CVE-2024-49773 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. currentpost parameter in export entry point can be abused ...
CVE-2024-49773 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. currentpost parameter in export entry point can be abused ...
CVE-2024-49773
SuiteCRM vulnerability CVE-2024-49773 involves poor input validation in the export functionality, where the authenticated user can abuse the current_post parameter to perform blind SQL injection via generateSearchWhere(), leading to potential information disclosure of personally identifiable info...
RHEL OpenPrinting cups-filters (RHSB-2024:002)
Binary data redhat-RHSB-2024-002.nbin...
CVE-2024-47175
CUPS is a standards-based, open-source printing system, and libppd can be used for legacy PPD file support. The libppd function ppdCreatePPDFromIPP2 does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as cfGetPrinterAttributes5, can...
CVE-2024-47175 libppd's ppdCreatePPDFromIPP2 function does not sanitize IPP attributes when creating the PPD buffer
CUPS is a standards-based, open-source printing system, and libppd can be used for legacy PPD file support. The libppd function ppdCreatePPDFromIPP2 does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as cfGetPrinterAttributes5, can...
CVE-2024-47175
CVE-2024-47175 affects CUPS via libppd, where ppdCreatePPDFromIPP2 does not sanitize IPP attributes when building the PPD buffer. When used with functions such as cfGetPrinterAttributes5, attacker-controlled input can lead to code execution through Foomatic, contributing to an exploit chain descr...
CVE-2024-44120
The CVE-2024-44120 entry concerns SAP NetWeaver Enterprise Portal, a SAP NetWeaver front-end component. It describes a reflected cross-site scripting (XSS) vulnerability caused by insufficient encoding of user-controlled input. An unauthenticated attacker can craft a malicious URL and entice a us...
CVE-2024-44120 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this crafted URL before it times out, then the...
Risky Deserialization Calls - benryanconversion ( Office Connector Plugin)
The benryanconversion plugin contains a code path that eventually ends up with a partially user-controlled filename being treated as the input for a call to readObject see FileBackedCache.loadFile. To trigger this, an attacker would need to call the following, with a payload in the sheetName...
CVE-2024-8473
Cross-Site Scripting XSS vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through useremail parameter in /jobportal/admin/login.php...
CVE-2024-8471
Cross-Site Scripting XSS vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME parameters in /jobportal/process.php...
CVE-2024-5936
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...
CVE-2024-5936 Open Redirect in imartinez/privategpt
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...
CVE-2024-5936 Open Redirect in imartinez/privategpt
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...
CVE-2024-5936 Open Redirect in imartinez/privategpt
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...