CVE-2024-9016
CVE-2024-9016 affects D-Tale (Man Group) for Pandas data structures, where versions
Linux Distros Unpatched Vulnerability : CVE-2022-2880
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could...
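The forwarding behaviour the CVE-2022-2880 entry describes, shown as an added Go example (not code from the Go project or from any advisory on this page): a ReverseProxy whose Director re-encodes the outbound query through url.ParseQuery, so that a pair net/http itself cannot parse, such as one joined with ';', is dropped rather than passed to the backend verbatim. The echo backend, the proxy setup and the query string are constructed for the example.

```go
package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// sanitizeRawQuery re-encodes a raw query string through url.ParseQuery.
// A pair that net/http itself refuses to parse (a ';' used as a separator,
// a malformed %-escape) is dropped instead of being forwarded verbatim.
// The bool reports whether anything was dropped.
func sanitizeRawQuery(raw string) (string, bool) {
	values, err := url.ParseQuery(raw)
	return values.Encode(), err != nil
}

// newProxy builds a single-host ReverseProxy to target. With sanitize set,
// the Director rewrites the outbound query so the backend only receives
// what the proxy could parse; without it the raw inbound query is forwarded
// unchanged, which is the condition CVE-2022-2880 describes.
func newProxy(target *url.URL, sanitize bool) *httputil.ReverseProxy {
	proxy := httputil.NewSingleHostReverseProxy(target)
	defaultDirector := proxy.Director
	proxy.Director = func(req *http.Request) {
		defaultDirector(req)
		if !sanitize {
			return
		}
		clean, dropped := sanitizeRawQuery(req.URL.RawQuery)
		if dropped {
			log.Printf("proxy: dropped unparsable parameters from query %q", req.URL.RawQuery)
		}
		req.URL.RawQuery = clean
	}
	return proxy
}

// quietServer starts a test server with net/http's own warning about ';' in
// a query (logged since Go 1.17) discarded, so stderr only shows the proxy's
// message.
func quietServer(h http.Handler) *httptest.Server {
	s := httptest.NewUnstartedServer(h)
	s.Config.ErrorLog = log.New(io.Discard, "", 0)
	s.Start()
	return s
}

// forwardedQuery sends rawQuery through the proxy to an echo backend and
// returns the query string the backend actually received. (Constructed
// round trip over loopback; both servers are torn down on return.)
func forwardedQuery(rawQuery string, sanitize bool) (string, error) {
	backend := quietServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// A backend that also treats ';' as a separator would read
		// role=admin out of "id=1;role=admin"; echo the raw string to show
		// exactly what crossed the proxy.
		fmt.Fprint(w, r.URL.RawQuery)
	}))
	defer backend.Close()

	target, err := url.Parse(backend.URL)
	if err != nil {
		return "", err
	}
	front := quietServer(newProxy(target, sanitize))
	defer front.Close()

	resp, err := http.Get(front.URL + "/search?" + rawQuery)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}
	return string(body), nil
}

func main() {
	// Constructed inbound query: the ';'-joined pair is the one net/http
	// refuses to parse.
	const raw = "user=alice&id=1;role=admin"
	for _, sanitize := range []bool{false, true} {
		got, err := forwardedQuery(raw, sanitize)
		if err != nil {
			log.Fatal(err)
		}
		fmt.Printf("sanitize=%-5v backend received %q\n", sanitize, got)
	}
}
```

The Go 1.19.2 fix for this CVE only cleans the forwarded query when the Director has parsed the form (req.Form is set when the Director returns); a proxy whose Director never touches the form still forwards the raw string. Rewriting RawQuery explicitly in the Director, as above, does not depend on that condition and behaves the same on every Go version.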
USN-7290-1 rails vulnerabilities
It was discovered that Rails did not correctly handle parsing block formats in email service layers. An attacker could possibly use this issue to cause a denial of service. CVE-2024-47889 It was discovered that Rails did not correctly handle parsing block quotes in rich text content. An attacker...
OESA-2025-1052 podman security update
Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of...
USN-7158-1 smarty3 vulnerabilities
It was discovered that Smarty incorrectly handled query parameters in requests. An attacker could possibly use this issue to inject arbitrary JavaScript code, resulting in denial of service or potential execution of arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubun...
WordPress plugin Comfino Payment Gateway cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Comfino Payment Gateway...
PT-2024-16612 · WordPress · Forumwp
Name of the Vulnerable Software and Affected Versions: ForumWP – Forum & Discussion Board plugin for WordPress versions up to, and including, 2.1.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg and remove_query_arg without appropriate escaping...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure through the log_request function. This function recorded sensitive information from the query parameters without proper sanitization. Remediation Upgrade jupyter-server to version 1.23.6, 2.3.0 or higher. Reference...
PT-2024-39512 · WordPress · Booster For Woocommerce
Name of the Vulnerable Software and Affected Versions: The Booster for WooCommerce plugin for WordPress versions up to, and including, 7.2.3 Description: The issue arises from the use of add_query_arg and remove_query_arg without proper escaping on the URL, leading to Reflected Cross-Site...
PostgreSQL -- SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
PostgreSQL project reports: Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when...
Sensitive Information Exposure
pterodactyl/panel is vulnerable to Sensitive Information Exposure. The vulnerability is due to the insecure handling of passwords in HTTP query parameters, which are logged in plain text when two-factor authentication is disabled. It can allow unauthorized access if an attacker gains access to...
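The jupyter-server entry and the pterodactyl/panel entry above both come down to a request logger writing query parameters verbatim. What follows is an added Go example, not code from either project, of a logging wrapper that redacts named parameters before the line is written. The parameter list, the handler and the request are constructed for the example. Redaction limits what a log leaks; the primary fix for the pterodactyl case remains not carrying a password in the query string at all.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/url"
	"strings"
)

// sensitiveParams lists query parameter names whose values must never reach
// a log. Constructed for this example; a real deployment derives it from the
// application's own parameter inventory.
var sensitiveParams = map[string]bool{
	"password": true,
	"token":    true,
	"api_key":  true,
}

// redactRawQuery rewrites a raw query string for logging. It walks the pairs
// in their original order and keeps each one verbatim unless its name is
// sensitive, in which case only the value is replaced. A pair whose name
// cannot be percent-decoded is redacted as well, since an undecodable name
// may be hiding a sensitive one. Names are matched case-insensitively after
// decoding, so "Pass%77ord" is treated as "password".
func redactRawQuery(raw string) string {
	if raw == "" {
		return ""
	}
	pairs := strings.Split(raw, "&")
	for i, pair := range pairs {
		name, _, hasValue := strings.Cut(pair, "=")
		if !hasValue {
			continue // a bare name carries no value to hide
		}
		decoded, err := url.QueryUnescape(name)
		if err != nil || sensitiveParams[strings.ToLower(decoded)] {
			pairs[i] = name + "=[REDACTED]"
		}
	}
	return strings.Join(pairs, "&")
}

// logLine is what the access log records for a request: method, path and
// the redacted query, never the raw URL.
func logLine(r *http.Request) string {
	q := redactRawQuery(r.URL.RawQuery)
	if q != "" {
		q = "?" + q
	}
	return fmt.Sprintf("%s %s%s", r.Method, r.URL.Path, q)
}

// withRequestLog wraps a handler so every request is logged through logLine
// before it is served.
func withRequestLog(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		log.Print(logLine(r))
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed request resembling the password-in-query pattern above.
	r, err := http.NewRequest("GET", "http://example.invalid/login?user=alice&password=hunter2&next=%2Fhome", nil)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(logLine(r))

	// The wrapper in place on an ordinary mux (not started here).
	mux := http.NewServeMux()
	mux.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {})
	_ = withRequestLog(mux)
}
```

Working on the raw string rather than on r.URL.Query() is deliberate: Query() drops pairs it cannot parse and reorders the rest, so a log built from it would silently differ from what the client sent, which is exactly the kind of detail an incident responder later needs.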
CVE-2024-47549
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...
CVE-2024-47801
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...
Sharp MFP security vulnerability
Sharp MFP is a series of multifunction printers from Sharp Japan. A security vulnerability exists in Sharp MFP that stems from incorrect handling of query parameters in HTTP requests, which could result in unexpected data contamination of the HTTP response header...
Sharp MFP security vulnerability
Sharp MFP is a series of multifunction printers from Sharp Japan. A security vulnerability exists in Sharp MFP that stems from incorrect handling of query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability...
PT-2024-32820 · Sharp +1 · Sharp Mfps +1
Name of the Vulnerable Software and Affected Versions: Sharp and Toshiba Tec MFPs affected versions not specified Description: The issue is related to the improper processing of query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL...
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
There is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128. Impact Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibl...