GHSA-GGXF-37HM-9WQF instagrapi: Unsafe signup challenge path handling in instagrapi
instagrapi versions before 2.6.9 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. A malicious or tampered challenge payload could cause challenge handling requests to be sent outside the intende...
aiograpi: Unsafe signup challenge path handling
aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. A malicious or tampered challenge payload could cause challenge handling requests to be sent outside the intended...
FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
...
freerdp: FreeRDP heap-buffer-overflow
A heap-based buffer overflow has been discovered in FreeRDP. In affected versions the URBDRC client does not perform bounds checking on server-supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out-of-bounds read...
AZL-42726 CVE-2024-5629 affecting package python-pymongo 4.2.0-9
An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a server to raise an exception which may contain arbitrary application memory...
CVE-2023-5722
Using iterative requests, an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox 119...
Netgear NETGEAR R7800 Trust Management Issue Vulnerability
The Netgear NETGEAR R7800 is a wireless router from the American company Netgear. The NETGEAR R7800 suffers from a remote code execution vulnerability that stems from a failure to properly validate server-supplied certificates, which can be exploited by an attacker to execute arbitrary code in...
Design/Logic Flaw
The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key...
CVE-2008-4616
The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key...