64828 matches found
phpMyFAQ: Default Empty API Token Authentication Bypass
Summary A default empty API client token allows any unauthenticated user to create and modify FAQ entries, categories, and questions via the REST API. The vulnerability exists in all versions since API v4.0 was introduced because the installation process seeds api.apiClientToken with an empty...
Missing Authorization
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Missing Authorization in the overwritePassword process. An attacker can gain unauthorized access to higher-privileged accounts, including full...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes due to Improperly Controlled Modification of...
Malicious code in libhmac (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fccbd481dd2bd04274c5045995a08ddbcf302780c24f39eb63821d5d63a998d1 The PyPI name 'libhmac' matches the well-known libyal/libhmac C forensics library HMAC primitive, but the package contents have nothing to do with HM...
MAL-2026-4447 Malicious code in @spcsn/taro-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10e2baba3a5166ecf1196146e1b2a8771836b25bd7f8d56979e3e277a3de9625 The package's postinstall script probes https://taro.jd.com/ and then invokes its own CLI to run npm install...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: dm-crypt: Do not modify the data when using authenticated encryption. It was stated that authenticated encryption could produce invalid tags when the data being encrypted was modified 1. Therefore, this issue can be addressed by...
Astra Linux - уязвимость в openjdk-11
A vulnerability exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The versions affected include Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle...
Astra Linux - уязвимость в openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. The supported versions affected by this vulnerability are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5, and 22.3.1...
Astra Linux - уязвимость в openjdk-11
Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Networking. The supported versions affected by this vulnerability include Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3, and 22.2.0. This...
Astra Linux - уязвимость в openjdk-11
Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: JNDI. The supported versions affected include Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3, and 22.2.0. This vulnerabili...
Astra Linux - уязвимость в libyaml-libyaml-perl
YAML-LibYAML before version 0.903.0 for Perl uses 2-args open, allowing existing files to be modified...
Astra Linux - уязвимость в openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK products of Oracle Java SE component: Libraries. The supported versions affected by this vulnerability are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise...
Astra Linux - уязвимость в openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: JSSE. The supported versions affected by this vulnerability are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK:...
Astra Linux - уязвимость в mariadb-10.3
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. The supported versions affected are 5.7.35 and earlier, as well as 8.0.26 and earlier. This easily exploitable vulnerability allows a highly privileged attacker with network access via multiple protocols to compromise th...
Astra Linux - уязвимость в openjdk-11
A vulnerability exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Networking. The versions affected include Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM...
Astra Linux - уязвимость в openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK products of Oracle Java SE component: Networking. The supported versions affected by this vulnerability are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3....
Astra Linux - уязвимость в python-httplib2
In httplib2 before version 0.18.0, an attacker who controlled unescaped parts of the URI for httplib2.Http.request could alter request headers and the request body, and send additional hidden requests to the same server. This vulnerability affects software that uses httplib2 with URIs constructed...
Astra Linux - уязвимость в openjdk-11
A vulnerability exists in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The versions affected include Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle Graal...
Astra Linux - уязвимость в openjdk-11
A vulnerability exists in the Oracle Java SE and Oracle GraalVM Enterprise Edition products from Oracle Java SE component: JNDI. The versions affected include Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1, and 22.0.0.2. This easily exploitabl...
Astra Linux - уязвимость в openjdk-11
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Keytool. The supported versions affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. This easily exploitable vulnerability allows an unauthenticat...