341 matches found
FreeBSD : Emacs -- Shell injection vulnerability (7ba6c085-1590-491a-98ce-5452646b196f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7ba6c085-1590-491a-98ce-5452646b196f advisory. An Emacs user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Li...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
CVE-2024-37177
SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and...
K000149306: OpenSSL vulnerability CVE-2024-4603
Security Advisory Description Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or...
UBUNTU-CVE-2024-53920
In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user chooses to...
Siemens SCALANCE M-800 Excessive Iteration (CVE-2024-4603)
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...
Exploit for CVE-2021-23369
CVE-2021-23369 Handlebars CVE-2021-23369 Vulnerability p...
PT-2024-9089
Name of the Vulnerable Software and Affected Versions GNU Emacs versions through 30.0.92 Description The issue is related to the elisp-completion-at-point function in GNU Emacs, which can trigger unsafe Lisp macro expansion when used on untrusted Emacs Lisp source code. This allows attackers to...
Medium: openssl
Issue Overview: Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that ar...
PT-2024-6131 · Sap · Sap Bex Web Java Runtime Export Web Service
Name of the Vulnerable Software and Affected Versions: SAP BEx Web Java Runtime Export Web Service affected versions not specified Description: The issue is related to insufficient validation of an XML document accepted from an untrusted source in the SAP BEx Web Java Runtime Export Web Service...
EulerOS 2.0 SP8 : compat-openssl (EulerOS-SA-2024-2021)
According to the versions of the compat-openssl package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack...
Apache Wicket: Remote code execution via XSLT injection
The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue...
CVE-2024-36522
The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue...
CVE-2024-36522
The CVE-2024-36522 issue affects Apache Wicket’s XSLTResourceStream.java default configuration, where processing input from untrusted sources can lead to remote code execution via XSLT injection. Concretely, the vulnerability centers on the default parsing/stream handling path, enabling an attack...
CVE-2024-37177
CVE-2024-37177 involves SAP Financial Consolidation and a cross-site scripting (XSS) vulnerability where data can be entered into a Web application via endpoints exposed on the network from an untrusted source. Successful exploitation could impact confidentiality and integrity of the application....
CVE-2024-37177 Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation
SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and...
CVE-2024-37177 Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation
SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and...
EulerOS 2.0 SP12 : openssl (EulerOS-SA-2024-1746)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...
CVE-2024-35238
Summary: Minder by Stacklok (pre-0.0.51) is vulnerable to a DoS caused by the sigstore verifier reading an untrusted response without a size limit. An attacker can cause Minder to fetch attestations from a user-controlled GitHub endpoint (orgs/$owner/attestations/$checksumref) and feed a large re...
FreeBSD : OpenSSL -- Denial of Service vulnerability (b88aa380-1442-11ef-a490-84a93843eb75)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b88aa380-1442-11ef-a490-84a93843eb75 advisory. - Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary:...