
213 matches found

Cvelist
added 2023/05/16 4:00 p.m. · 25 views

CVE-2023-32999

A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

AI score 4.8 · EPSS 0.00116
Exploits: 0 · References: 1
Vulnrichment
added 2023/05/16 4:00 p.m. · 9 views

CVE-2023-32999

A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

AI score 6.5 · EPSS 0.00116
Exploits: 0 · References: 1
CVE
added 2023/05/16 4:00 p.m. · 53 views

CVE-2023-32999

Summary (CVE-2023-32999) : Jenkins AppSpider Plugin 1.0.15 and earlier contains a missing permission check in a form validation path. This allows users with Overall/Read permission to reach an attacker-controlled URL and issue an HTTP POST with a JSON payload containing attacker-supplied credenti...

CVSS 4.3 · AI score 4.4 · EPSS 0.00116
Exploits: 0 · References: 1 · Affected software: 1
OSV
added 2023/05/09 1:15 p.m. · 0 views

CVE-2023-29105

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1, SIMATIC Cloud Connect 7 CC716 All versions V2.1. The affected device is vulnerable to a denial of service while parsing a random non-JSON MQTT payload. This could allow an attacker who can...

CVSS 7.5 · AI score 7 · EPSS 0.00692
Exploits: 0 · References: 1
Code423n4
added 2023/03/20 12:00 a.m. · 13 views

Mint Bio NFT with mismatched SVG

Lines of code Vulnerability details Impact The tokenURI function of a given NFT contract must represent truth about the given tokenid. The Bio contract allows for minting of NFTs using a bio string. The tokenURI of a minted Bio NFT in turn generates a JSON response. This JSON payload includes the...

AI score 6.6
Exploits: 0
F5 Networks
added 2023/02/21 6:55 p.m. · 19 views

K58102101: BIG-IP ASM vulnerability CVE-2020-27718

Security Advisory Description When the BIG-IP ASM system processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. CVE-2020-27718 Impact When this vulnerability is exploited, the BIG-IP ASM system may take longer than...

CVSS 7.5 · AI score 7.4 · EPSS 0.00647
Exploits: 0 · Affected software: 2
Positive Technologies
added 2023/01/10 12:00 a.m. · 4 views

PT-2023-32991 · Packagist · Pocketmine/Pocketmine-Mp

Name of the Vulnerable Software and Affected Versions: No specific software name is mentioned, but based on the context, it appears to be related to a server software, possibly a game server, with affected versions not specified. Description: The issue arises from a workaround for an old client b...

CVSS 5.3 · AI score 6.9
Exploits: 0 · References: 3
OSV
added 2022/11/29 2:41 p.m. · 7 views

SUSE-SU-2022:4277-1 Security update for binutils

This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcppfile.h bsc1142579. - CVE-2021-3530: Fixed stack-based buffer overflow in demanglepath in rust-demangle.c bsc1185597. - CVE-2021-3648: Fixed...

CVSS 7.8 · AI score 7.3 · EPSS 0.00556
Exploits: 3 · References: 26
OSV
added 2022/11/21 8:57 a.m. · 9 views

SUSE-SU-2022:4146-1 Security update for binutils

This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcppfile.h bsc1142579. - CVE-2021-3530: Fixed stack-based buffer overflow in demanglepath in rust-demangle.c bsc1185597. - CVE-2021-3648: Fixed...

CVSS 7.8 · AI score 7.3 · EPSS 0.00556
Exploits: 3 · References: 24
Hacker One
added 2022/11/01 11:12 p.m. · 23 views

Khan Academy: xss due to incorrect handling of postmessages

Due to Insecure handling of create link tags a tags in a function called autolink found in 7Bmt.af733e428f9f986dfc96.js js e = n.autolinke, !0; const n = function const e = /\b?:?:https?://|www\d0,3.|a-z0-9.-+.a-z2,4/?:^\s&+|&|?:^\s|?:^\s+\+?:?:^\s|?:^\s+\|^\s!\;:'".,?«»“”‘’&/gi; return...

AI score 7.1
Exploits: 0
Cvelist
added 2022/09/06 7:00 p.m. · 15 views

CVE-2022-36038 CircuitVerse potential RCE vulnerability via Oj.load

CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution RCE vulnerability in CircuitVerse allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue may lead to Remote Code Executi...

CVSS 8.8 · AI score 8.7 · EPSS 0.01471
Exploits: 0 · References: 2
CNNVD
added 2022/09/06 12:00 a.m. · 2 views

CircuitVerse code issue vulnerability

CircuitVerse is a free open source platform open sourced by CircuitVerse India. It allows users to build digital logic circuits online. CircuitVerse suffers from a code issue vulnerability that stems from its ability to allow an authenticated attacker to execute arbitrary code via a specially...

CVSS 8.8 · AI score 8.2 · EPSS 0.01471
Exploits: 0 · References: 3
CNNVD
added 2022/08/15 12:00 a.m. · 0 views

Arvados code issue vulnerability

Arvados is an open source platform for managing and analyzing biomedical big data. A code issue vulnerability exists in Arvados versions prior to 2.4.1, which stems from insecure deserialization and can be exploited by an attacker to execute arbitrary code via a specially crafted JSON payload...

CVSS 8.8 · AI score 8.4 · EPSS 0.01532
Exploits: 0 · References: 4
Github Security Blog
added 2022/05/24 4:57 p.m. · 11 views

Liferay Portal Allows RCE via Deserialization of a JSON Payload

Liferay Portal CE 7.1.0 and earlier allows remote command execution because of deserialization of a JSON payload...

CVSS 9.8 · AI score 9.5 · EPSS 0.79558
Exploits: 1 · References: 6 · Affected software: 1
Malwarebytes
added 2021/12/08 2:52 p.m. · 37 views

Vulnerability in Windows 10 URI handler leads to remote code execution

Researchers at Positive Security have discovered a drive-by remote code-execution RCE bug in Windows 10. The vulnerability can be triggered by an argument injection in the Windows 10 default handler for ms-officecmd: URIs. It is likely that this vulnerability also exists in Windows 11. What’s...

AI score 7.9
Exploits: 0
OSV
added 2021/06/09 6:15 p.m. · 1 view

PYSEC-2021-100

FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery CSRF attack. I...

CVSS 8.2 · AI score 7.2 · EPSS 0.00119
Exploits: 0 · References: 3
PyPA
added 2021/06/09 6:15 p.m. · 6 views

PYSEC-2021-100

FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery CSRF attack. I...

CVSS 8.2 · AI score 6.9 · EPSS 0.00119
Exploits: 0 · References: 3 · Affected software: 1
Tenable Nessus
added 2021/04/29 12:00 a.m. · 35 views

F5 Networks BIG-IP : BIG-IP ASM and Advanced WAF WebSocket vulnerability (K18570111)

The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.3 / 13.1.3.5 / 14.1.3.1 / 15.1.2 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K18570111 advisory. - On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before...

CVSS 7.5 · AI score 7.5 · EPSS 0.00647
Exploits: 0 · References: 2
CVE
added 2021/02/12 5:43 p.m. · 89 views

CVE-2021-22976

The CVE-2021-22976 issue affects F5 BIG-IP products with Advanced WAF/ASM. When the ASM system processes WebSocket requests containing JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the bd process, potentially impacting request processing latency. Affected...

CVSS 7.5 · AI score 7.5 · EPSS 0.00647
Exploits: 0 · References: 1 · Affected software: 2
NVD
added 2020/12/24 3:15 p.m. · 12 views

CVE-2020-27718

When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, or 11.6.1-11.6.5.2 processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process...

CVSS 7.5 · AI score 7.5 · EPSS 0.00647
Exploits: 0 · References: 1