93 matches found
python-gevent: privilege escalation via a crafted script to the WSGIServer component
A flaw was found in the WSGIServer component of python-gevent that could allow a remote attacker to gain elevated privileges on the system. By using a specially crafted script, an attacker can gain elevated privileges...
Malicious code in @b2bgeo/frontend-server-api-types (npm)
CVE-2024-35231 rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
rack-contrib provides contributed Rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service because the user-controlled "profiler_runs" parameter was not bounded to any limit. This would lead to...
CVE-2024-25126
Rack is a modular Ruby web server interface. Carefully crafted Content-Type headers can cause Rack's media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDoS, 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1...
CVE-2024-25126 Rack ReDoS in Content-Type parsing (2nd degree polynomial)
Rack is a modular Ruby web server interface. Carefully crafted Content-Type headers can cause Rack's media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDoS, 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1...
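Both CVE-2024-25126 entries above describe the same defect: a media type parser whose regular expression backtracks quadratically on a crafted Content-Type value. The Python block below is an added example, not Rack's code. It assumes a split pattern of the shape `\s*[;,]\s*` as the source of the 2nd-degree polynomial behaviour (a leading `\s*` is retried from every position of a long run of whitespace that is never followed by a separator), and puts a parser of that shape next to a single-pass parser that cannot be driven into backtracking. The function names, `crafted_header` and `timings` are illustrative.

```python
import re
import time

# Illustrative split pattern of the shape the advisory describes (assumption:
# this is not claimed to be Rack's own code). Because the pattern starts with
# \s*, a run of whitespace with no ';' or ',' after it is re-scanned from every
# start position, so a search costs O(n^2) in the header length.
SPLIT_PATTERN = re.compile(r"\s*[;,]\s*")


def _params(pieces):
    """Turn ['charset="UTF-8"', 'q=0.9'] into a dict with unquoted values."""
    params = {}
    for piece in pieces:
        if "=" in piece:
            key, value = piece.split("=", 1)
            params[key.strip().lower()] = value.strip().strip('"')
    return params


def media_type_regex(content_type):
    """Vulnerable shape: regex split with a leading \\s*."""
    if not content_type:
        return None, {}
    head, *rest = SPLIT_PATTERN.split(content_type, maxsplit=1)
    pieces = SPLIT_PATTERN.split(rest[0]) if rest else []
    return head.strip().lower(), _params(pieces)


def _split_once(s):
    """Linear scan: (before, after) at the first ';' or ','; after is None if absent."""
    for i, ch in enumerate(s):
        if ch in ";,":
            return s[:i], s[i + 1:]
    return s, None


def media_type_linear(content_type):
    """Hardened shape: one forward pass over the value, no backtracking."""
    if not content_type:
        return None, {}
    head, rest = _split_once(content_type)
    pieces = []
    while rest is not None:
        piece, rest = _split_once(rest)
        pieces.append(piece)
    return head.strip().lower(), _params(pieces)


def crafted_header(n):
    """Constructed attacker input: a valid type, n spaces, and no separator."""
    return "text/html" + " " * n


def timings(n):
    """Seconds each parser spends on crafted_header(n); demonstration only."""
    out = {}
    for name, fn in (("regex", media_type_regex), ("linear", media_type_linear)):
        start = time.perf_counter()
        fn(crafted_header(n))
        out[name] = time.perf_counter() - start
    return out


if __name__ == "__main__":
    for n in (1_000, 4_000, 16_000):
        print(n, timings(n))
```

Running the block shows the regex parser's time growing roughly four-fold for each doubling of `n` while the linear parser stays flat; Python's `re` backtracks the same way as a Ruby engine does on this pattern shape. The practical rule is the one the fix implies: split header values with explicit scans or anchored, non-overlapping patterns, and never let a quantifier at the start of a pattern compete with the search loop.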
CVE-2022-34886
A remote code execution vulnerability was found in the firmware used in some Lenovo printers: a remote user can push an illegal string to the server-side interface via a script, resulting in a stack overflow...
Lenovo printers security vulnerability
Lenovo printers are printers from the Chinese company Lenovo. A security vulnerability exists in Lenovo printers: a remote code execution vulnerability due to a stack overflow caused by an illegal string being pushed through a script to the server-side interface...
PYSEC-2023-177
An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component...
CVE-2023-27980
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected...
GMAO LINX LINX Sphere path traversal vulnerability
GMAO LINX LINX Sphere is software from GMAO LINX designed for the overall management of industrial and construction-grade maintenance departments. A security vulnerability exists in GMAO LINX LINX Sphere version 7.35.ST15 that stems from a directory traversal in the component...
A vulnerability in Waitress, a WSGI server for Python, allows attackers to compromise data integrity.
The vulnerability in Waitress, a WSGI server for Python, is caused by incorrect parsing of the Transfer-Encoding header. Exploiting this vulnerability allows a remote attacker to compromise data integrity...
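The Waitress entry above attributes the integrity problem to incorrect parsing of the Transfer-Encoding header but does not say which parsing mistake; when two hops in a chain disagree on where a request body ends, one attacker request can be read as two. The Python block below is an added example, not Waitress's code, showing the framing checks a conservative HTTP/1.1 server applies before reading a body: reject Content-Length alongside Transfer-Encoding, accept only a single trailing `chunked` coding, refuse whitespace before the colon, obsolete line folding, and non-decimal or conflicting Content-Length values. The sample requests in `SAMPLES` are constructed, not captured traffic, and the function names are illustrative.

```python
import re

# RFC 7230 "tchar" token characters, and a strictly decimal Content-Length.
TOKEN_RE = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")
DECIMAL_RE = re.compile(r"^[0-9]+$")
SUPPORTED_CODINGS = {"chunked"}  # the only transfer-coding this server decodes


class FramingError(ValueError):
    """The request must be rejected (400) and the connection closed."""


def parse_head(raw):
    """Split a raw request head (bytes) into the request line and [(name, value)]."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):  # obs-fold: refuse rather than guess
            raise FramingError("obsolete line folding")
        name, sep, value = line.partition(":")
        # A name that is not a token also catches "Transfer-Encoding : chunked",
        # which some parsers would silently treat as an unknown header.
        if not sep or not TOKEN_RE.match(name):
            raise FramingError("malformed header line")
        headers.append((name.lower(), value.strip(" \t")))
    return lines[0], headers


def message_framing(headers):
    """Return ('chunked', None), ('content-length', n) or ('none', 0)."""
    te = [v for n, v in headers if n == "transfer-encoding"]
    cl = [v for n, v in headers if n == "content-length"]
    if te and cl:
        # A proxy and this server might pick different delimiters: reject outright.
        raise FramingError("both Transfer-Encoding and Content-Length present")
    if te:
        codings = [c.strip(" \t").lower() for v in te for c in v.split(",")]
        if any(not TOKEN_RE.match(c) for c in codings):
            raise FramingError("malformed Transfer-Encoding")
        unsupported = sorted(set(codings) - SUPPORTED_CODINGS)
        if unsupported:
            raise FramingError("unsupported transfer-coding: " + ",".join(unsupported))
        if codings.count("chunked") != 1 or codings[-1] != "chunked":
            raise FramingError("chunked must appear exactly once, as the final coding")
        return ("chunked", None)
    if cl:
        if len(set(cl)) != 1 or not DECIMAL_RE.match(cl[0]):
            raise FramingError("ambiguous or non-decimal Content-Length")
        return ("content-length", int(cl[0]))
    return ("none", 0)


def check_request(raw):
    """Convenience wrapper: the framing decision, or ('reject', reason)."""
    try:
        _, headers = parse_head(raw)
        return message_framing(headers)
    except FramingError as exc:
        return ("reject", str(exc))


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "plain": b"POST / HTTP/1.1\r\nHost: app\r\nContent-Length: 5\r\n\r\nhello",
    "chunked": b"POST / HTTP/1.1\r\nHost: app\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "cl_te": b"POST / HTTP/1.1\r\nHost: app\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "gzip_chunked": b"POST / HTTP/1.1\r\nHost: app\r\nTransfer-Encoding: gzip, chunked\r\n\r\n0\r\n\r\n",
    "chunked_first": b"POST / HTTP/1.1\r\nHost: app\r\nTransfer-Encoding: chunked, gzip\r\n\r\n",
    "space_before_colon": b"POST / HTTP/1.1\r\nHost: app\r\nTransfer-Encoding : chunked\r\n\r\n",
    "dup_cl": b"POST / HTTP/1.1\r\nHost: app\r\nContent-Length: 5\r\nContent-Length: 6\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:20} -> {check_request(raw)}")
```

Rejecting rather than guessing is deliberate: RFC 7230 permits a server to honour Transfer-Encoding when both headers are present, but a hop that does so behind a proxy that honours Content-Length is exactly the disagreement an attacker needs, so a server that cannot know what sits in front of it is safer closing the connection.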
CVE-2021-27422
In GE UR firmware versions prior to 8.1x, the web server interface is served over plain HTTP. It allows sensitive information exposure without authentication...
PT-2021-22149 · Auvesy · Versiondog
Name of the Vulnerable Software and Affected Versions: no specific software or versions are named in the provided description. Description: the issue involves a database connection to a server through a specific API that could allow an unprivileged user to gain SYSDBA permissions. No...
CVE-2021-41382
Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface...
Realtek Jungle SDK security vulnerability
The Realtek Jungle SDK, from the Chinese company Realtek Semiconductor, provides an HTTP web server that exposes a management interface used to configure access points. A security vulnerability exists in the Realtek Jungle SDK that stems from a failure of the product's configuration...
CVE-2020-7208
LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2. Recent assessments: cinzinga at March 09, 2020 9:38pm UTC reported: I am the founder of this exploit. While it is in a Hewlett-Packard product, it is a very obscure piece of software and was no longer actively...
Waitress Environment Issue Vulnerability
Waitress is a WSGI (Web Server Gateway Interface) server for Python. An environment issue vulnerability exists in Waitress 1.4.0 and earlier versions. The vulnerability stems from an unreasonable environmental factor in a networked system or product. An attacker could exploit this vulnerability t...
Description of the security update for SharePoint Server 2019: September 10, 2019
Summary: This security update resolves a remote code execution vulnerability that exists in Microsoft SharePoint if the software does not check the source markup of an application package. To learn more about this...
A vulnerability in Heketi lies in the absence of authentication in the default settings, allowing an attacker to execute arbitrary commands.
The vulnerability in the Heketi network software is caused by the absence of authentication in the default settings. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands supported by the Heketi Server API using the Heketi CLI comma...