345 matches found
GitLab < 14.10.5 (CVE-2022-2227)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a...
CVE-2022-2227
Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions...
Double free
Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
CVE-2022-22086
CVE-2022-22086 is a memory corruption issue due to a double free while parsing a 3gp clip with invalid meta data atoms in Qualcomm Snapdragon components (Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Voice & Music/Wearables). Affected are Qualcomm Snapdragon products; the root caus...
CVE-2022-22086
Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
Meta Data Is Not Stripped From images
Hey team, while uploading site/page logo as an administrator, the meta data of the image like geolocation, device information, version, name etc. is not getting stripped, as a result the attacker can collect all the meta data information of the image by using tools like exif tool, metadata...
Access control bypass in Apache Tomcat
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for...
The vulnerability of the `stream_get_meta_data` function in the PHP programming language exists due to insufficient checks on input data, allowing attackers to compromise the integrity of the information.
The vulnerability of the `stream_get_meta_data` function in the PHP programming language exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to compromise the integrity of information...
USN-5368-1: Linux kernel vulnerabilities
It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-23222) It was discovered that the network traffic contro...
WordPress SheetPress – Manage WordPress Meta data with Google Sheets plugin <= 1.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress SheetPress – Manage WordPress Meta data with Google Sheets plugin (versions <= 1.1). Solution: No patched version available...
WordPress SheetPress – Manage WordPress Meta data with Google Sheets plugin <= 1.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress SheetPress – Manage WordPress Meta data with Google Sheets plugin (versions <= 1.1). Solution: No patched version available...
SMA100 Improper Access Control Vulnerability allowed restricted management APIs accessible
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. IMPORTANT: There is no evidence that these vulnerabilities are being exploited in the wild. CVE:...
CVE-2020-27356
The CVE-2020-27356 entry concerns the WordPress plugin debug-meta-data (version 1.1.2). The vulnerability is an XSS flaw in this plugin component. Root cause details are not fully enumerated in the provided documents, but the CVSS scores indicate a low to medium overall impact: CVSSv2 base score ...
Server-Side Request Forgery (SSRF) in zmister2016/mrdoc
Description ● SSRF in /uploaddocimg/, an attacker could abuse url to visit any intranet in the environment of MrDoc server, causing breaking the border of network. ● Depending on the different env, it could leak sensitive meta-data, according to...
Debian: Security Advisory (DLA-2772-1)
The remote host is missing an update for the Debian...
AES256_Passwd_Store - Secure Open-Source Password Manager
This script securely encrypts or decrypts passwords on disk within a custom database file. It also features functionality to retrieve passwords from a previously generated database file. This script takes a master password from stdin/from memory, then hashes the password using the specified hashi...
pacemaker bug fix and enhancement update
The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. Bug Fixes and Enhancements: pacemaker seems to end up in an unfence loop (BZ1972273). On a three-node cluster if two nodes are...
pacemaker bug fix and enhancement update
An update is available for pacemaker. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The Pacemaker cluster resource manager is a collection of technologies...
ALBA-2021:3578 pacemaker bug fix and enhancement update
The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. Bug Fixes and Enhancements: pacemaker seems to end up in an unfence loop (BZ1972273). On a three-node cluster if two nodes are...
Cross site scripting
A stored cross-site scripting vulnerability has been discovered in Simply Gallery Blocks with Lightbox, version 2.2.0 and below. The vulnerability exists in the Lightbox functionality where a user with low privileges is allowed to execute arbitrary script code within the context of the...