77 matches found
CVE-2022-21642 Exposure of whisper participants in discourse
Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this...
Discourse 信息泄露漏洞
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from the fact that a maliciously crafted request may result in an intermediate proxy cache...
CVE-2021-41163
Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribeurl values. This issue is patched in the latest stable, beta and tests-passed versions of...
PT-2021-22418 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed versions Description: The issue allows category names to be used for Cross-site scripting XSS attacks. This is mitigated by Discourse's default Content Security Policy, and...
CVE-2021-21430
OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...
CVE-2021-21430
OpenAPI Generator contains a vulnerability where code generated for Java/Scala performs insecure temporary file creation via File.createTempFile, risking exposure of application/data when handling binary uploads/downloads. Affected generators include Java (jersey2, okhttp-gson default) and scala-...
CVE-2021-21428
Openapi generator is a java tool which allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...
Ripple20 Vulnerabilities Affecting Treck IP Stacks
The Cybersecurity and Infrastructure Security Agency CISA is aware of multiple vulnerabilities, known as Ripple20, affecting Treck IP stack implementations for embedded systems. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages user...
Xiaomi Mi WiFi R3G Path Traversal Vulnerability
The Xiaomi Mi WiFi R3G is a 3G router from China's Xiaomi Technology Xiaomi. A path traversal vulnerability in previous versions of the Xiaomi Mi WiFi R3G 2.28.23-stable, which stems from a failure of a networked system or product to properly filter for special elements in the path of a resource ...
Packabit project: building Nmap deb packages for Ubuntu
During the long New Year holidays 30 dec - 8 jan I started a new project: Vagrant-based Linux package builder called Packabit. I thought it might be nice to have scripts that will automatically build a Linux packages from sources and will NOT litter main system with unnecessary packages. Somethin...
Updated roundcubemail packages fix security vulnerability & bugs
This is a service release to update the stable version 1.3 of Roundcube Webmail. It contains fixes to several bugs backported from the master branch including a security fix for a reported XSS vulnerability in handling invalid style tag content plus updates to ensure compatibility with PHP 7.3 an...
Code Execution Vulnerability in ESPCMS Enterprise Website Management System P8.18101601 Stable Version
ESPCMS enterprise website management system is based on LAMP development and construction of enterprise website management system. A code execution vulnerability exists in the stable version of ESPCMS P8.18101601. It allows an attacker to remotely execute commands and gain server privileges...
SQL Injection Vulnerability in ESPCMS P8.18101601 Stable Version in***.php File
ESPCMS enterprise website management system is based on LAMP development and construction of enterprise website management system. ESSENCE ESPCMS enterprise website management system P8.18101601 stable version of in.php file SQL injection vulnerability. Attackers can use the vulnerability to obta...
MGASA-2018-0175 Updated leptonica packages fix security vulnerabilities
Package leptonica has been updated to the current stable version 1.75.3 which fixes: CVE-2018-7186 - multiple stack-based buffer overflows in gplotRead and ptaReadStream CVE-2018-7247 - a buffer overflow in src/viewfiles.c with unsanitized input rootname...
Updated leptonica packages fix a security vulnerability
Package leptonica has been updated to the current stable version 1.75.2 which fixes a security issue potential injection attack using gplot rootdir reported in CVE-2018-3836...
PT-2017-4232 · Mikrotik · Routeros +1
Name of the Vulnerable Software and Affected Versions: Mikrotik RouterOS versions prior to Stable 6.38.5 Mikrotik RouterOS versions prior to Long-term 6.37.5 Description: The issue is related to memory corruption in the Mikrotik RouterOS web server. A remote and unauthenticated user can trigger t...
Fedora 25 : lxc (2016-868350fe5a)
Update LXC to the latest stable version. See here for the list of changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
WordPress Real3D FlipBook Plugin - Multiple Vulnerabilities
Real3D FlipBook plugin is prone to multiple vulnerabilities, such as XSS. An attacker can upload images in root directory and delete any files from the server. Solution Update WordPress plugin to the newest stable and safe version...
WordPress Ultimate Membership Pro Plugin 3.3 - SQL Injection
This WordPress Ultimate Membership Pro plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update WordPress plugin to the newest stable and safe...
Oracle JRE/JDK: Multiple vulnerabilities
Background The Oracle Java Development Kit JDK and the Oracle Java Runtime Environment JRE provide the Oracle Java platform. Description Multiple vulnerabilities have been discovered in Oracle JRE/JDK. Please review the CVE identifiers referenced below for details. Impact An context-dependent...