20 matches found

Veracode · added 2026/04/18 5:09 a.m.

Apache Log4net: Silent Log Event Loss In XmlLayout And XmlLayoutSchemaLog4J Due To Unescaped XML 1.0 Forbidden Character

Apache Log4net's XmlLayout (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list) and XmlLayoutSchemaLog4J (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list), in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0...

CVSS 6.3 · AI score 5.8 · EPSS 0.00285 · Exploits: 0 · Affected software: 1
OSV · added 2026/04/10 4:16 p.m.

DEBIAN-CVE-2026-40021

Apache Log4net's XmlLayout (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list) and XmlLayoutSchemaLog4J (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list), in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0...

CVSS 5.3 · AI score 5.4 · EPSS 0.00285 · Exploits: 0 · References: 1
OSV · added 2026/04/10 4:16 p.m.

UBUNTU-CVE-2026-40021

Apache Log4net's XmlLayout (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list) and XmlLayoutSchemaLog4J (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list), in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0...

CVSS 6.3 · AI score 5.8 · EPSS 0.00285 · Exploits: 0 · References: 8
Debian CVE · added 2026/04/10 3:44 p.m.

CVE-2026-40021

Apache Log4net's XmlLayout (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list) and XmlLayoutSchemaLog4J (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list), in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0...

CVSS 6.3 · AI score 5.3 · EPSS 0.00285 · Exploits: 0
Cvelist · added 2026/04/10 3:44 p.m.

CVE-2026-40021 Apache Log4net: Silent log event loss in XmlLayout and XmlLayoutSchemaLog4J due to unescaped XML 1.0 forbidden characters

Apache Log4net's XmlLayout (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list) and XmlLayoutSchemaLog4J (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list), in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0...

CVSS 6.3 · EPSS 0.00285 · Exploits: 0 · References: 5
Vulnrichment · added 2026/04/10 3:44 p.m.

CVE-2026-40021 Apache Log4net: Silent log event loss in XmlLayout and XmlLayoutSchemaLog4J due to unescaped XML 1.0 forbidden characters

Apache Log4net's XmlLayout (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list) and XmlLayoutSchemaLog4J (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list), in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0...

CVSS 6.3 · AI score 5.8 · EPSS 0.00285 · Exploits: 0 · References: 5
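The six entries above describe the same failure mode: a log message carrying a character that XML 1.0 forbids (C0 controls other than TAB, LF and CR, surrogates, U+FFFE and U+FFFF) produces a fragment that is not well-formed, because such characters are illegal even as character references like `&#1;`, so escaping `<`, `>` and `&` is not enough and a downstream XML consumer drops the whole event. The following is an added example, not Log4net code and not the fix shipped in 3.3.0: it reproduces the loss and one sanitizing strategy in Python. The `<event>` element is a simplified stand-in for the real layouts' schema, the `\uXXXX` replacement marker is a convention chosen for this example, and the sample messages are constructed.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

# XML 1.0 "Char" production (section 2.2):
#   #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
# Anything outside it is illegal in a document even as a character reference,
# so escaping markup characters alone cannot make such an event well-formed.
_XML10_FORBIDDEN = re.compile(
    "[^\u0009\u000A\u000D\u0020-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF]"
)


def sanitize_xml10(text: str) -> str:
    """Replace each forbidden character with a visible \\uXXXX marker (a convention
    constructed for this example; any well-formed placeholder would do)."""
    return _XML10_FORBIDDEN.sub(lambda m: "\\u%04x" % ord(m.group()), text)


def format_event_naive(level: str, message: str) -> str:
    """Layout that escapes markup but forgets the Char rule (the pre-3.3.0 bug
    class). The <event> element is a simplified stand-in, not the log4net schema."""
    return f"<event level={quoteattr(level)}><message>{escape(message)}</message></event>"


def format_event_sanitized(level: str, message: str) -> str:
    """Same layout with forbidden characters replaced before escaping."""
    return format_event_naive(sanitize_xml10(level), sanitize_xml10(message))


def consumer_accepts(xml_fragment: str) -> bool:
    """Model of a downstream XML consumer: a fragment that is not well-formed is
    dropped, which is the 'silent log event loss' the advisories describe."""
    try:
        ET.fromstring(xml_fragment)
        return True
    except ET.ParseError:
        return False


# Constructed sample events; the control characters stand for bytes an attacker
# can push into a logged field (e.g. a username) to make the event disappear.
CONSTRUCTED_EVENTS = [
    ("INFO", "user alice logged in"),
    ("WARN", "login failed for user 'bob\x01'"),      # U+0001: forbidden
    ("INFO", "payload: <script>alert(1)</script>"),    # markup: escaping suffices
    ("INFO", "note: caf\u00e9 \U0001F512"),            # non-ASCII: allowed
    ("ERROR", "bad form feed\x0c in message"),         # U+000C: forbidden
]


def delivered(formatter) -> int:
    """Number of sample events that survive the formatter plus the consumer."""
    return sum(consumer_accepts(formatter(lvl, msg)) for lvl, msg in CONSTRUCTED_EVENTS)


if __name__ == "__main__":
    print("naive layout delivered:    ", delivered(format_event_naive), "of", len(CONSTRUCTED_EVENTS))
    print("sanitized layout delivered:", delivered(format_event_sanitized), "of", len(CONSTRUCTED_EVENTS))
```

With the naive layout two of the five constructed events never reach the consumer and nothing reports it; an attacker who can place a control byte in a logged field can therefore suppress the record of their own activity. The practitioner's check is the same as `consumer_accepts`: parse a sample of emitted fragments with a strict XML parser and count what fails.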
Positive Technologies · added 2026/03/27 12:00 a.m.

PT-2026-28589

Name of the Vulnerable Software and Affected Versions: LibJWT versions 3.0.0 through 3.2.9. Description: LibJWT, a C JSON Web Token library, has an issue in the RSA-PSS JWK parsing functionality. Versions prior to 3.3.0 do not adequately validate JSON string values, specifically failing to protect...

CVSS 5.8 · AI score 5.8 · EPSS 0.00006 · Exploits: 0 · References: 4
Snyk · added 2026/02/25 6:31 p.m.

Timing Attack

Overview: richie is a CMS to build learning portals for open education. Affected versions of this package are vulnerable to Timing Attack via the synccourserunfromrequest function. An attacker can bypass authentication by exploiting timing discrepancies during HMAC signature verification...

CVSS 6.3 · AI score 6 · EPSS 0.00076 · Exploits: 0 · References: 2
Snyk · added 2026/01/01 6:36 a.m.

Improper Validation of Specified Type of Input

Overview: yara-mail is a Python package and command line utility for scanning emails with YARA rules. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to the automatic treatment of string input as a filesystem path in the...

CVSS 7.2 · AI score 6.9 · Exploits: 0 · References: 4
Tenable Nessus · added 2025/08/18 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2021-32728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature...

CVSS 6.5 · AI score 6.3 · EPSS 0.00209 · Exploits: 1 · References: 2
Snyk · added 2024/11/20 12:48 p.m.

Arbitrary File Upload

Overview: django-filer is a file management application for Django that makes handling of files and images a breeze. Affected versions of this package are vulnerable to Arbitrary File Upload via the file upload mechanism, allowing, by default, the upload of binary or unknown file types...

CVSS 8.7 · AI score 7 · EPSS 0.00055 · Exploits: 0 · References: 2
Github Security Blog · added 2024/09/26 9:31 a.m.

Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials

Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype...

CVSS 7.5 · AI score 6.7 · EPSS 0.00074 · Exploits: 0 · References: 7 · Affected software: 1
Snyk · added 2024/08/12 3:30 p.m.

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation via the resource file handling mechanism. An attacker can use the resource API to access and modify all files on the machine even if they are not under the resource path. Remediation: Upgrade...

CVSS 8.8 · AI score 7 · EPSS 0.88514 · Exploits: 0 · References: 2
Vulnrichment · added 2023/09/19 12:34 p.m.

CVE-2023-41834 Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...

AI score 7 · EPSS 0.01579 · Exploits: 0 · References: 2
Positive Technologies · added 2021/09/20 12:00 a.m.

PT-2021-22861 · Cobbler +2

Name of the Vulnerable Software and Affected Versions: Cobbler versions prior to 3.3.0. Description: The issue allows for authorization bypass, enabling modification of settings. Recommendations: For versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue...

CVSS 10 · AI score 8 · EPSS 0.93171 · Exploits: 6 · References: 107
OSV · added 2021/08/18 4:15 p.m.

UBUNTU-CVE-2021-32728

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a privat...

CVSS 6.5 · AI score 5.8 · EPSS 0.00209 · Exploits: 1 · References: 5
PyPA · added 2021/06/07 7:15 p.m.

PYSEC-2021-90

Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows a non-authenticated user to enumerate existing accounts by timing the server's response when logging in. Upgrade to version...

CVSS 5.3 · AI score 6.9 · EPSS 0.00429 · Exploits: 0 · References: 3 · Affected software: 1
Snyk · added 2021/01/19 2:04 p.m.

Denial of Service (DoS)

Overview: jointjs is a JavaScript diagramming library. It can be used to create either static diagrams or, more importantly, fully interactive diagramming tools and application builders. Affected versions of this package are vulnerable to Denial of Service (DoS) via the unsetByPath function. PoC...

CVSS 7.5 · AI score 6.9 · EPSS 0.00563 · Exploits: 0 · References: 2
Snyk · added 2020/10/06 12:40 p.m.

Timing Attack

Overview: shrine is a toolkit for file attachments in Ruby applications. Affected versions of this package are vulnerable to Timing Attack when using the derivation_endpoint plugin, allowing the attacker to guess the signature of the derivation URL. Remediation: Upgrade shrine to version 3.3.0 or...

CVSS 5.9 · AI score 6.9 · EPSS 0.00316 · Exploits: 0 · References: 2
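The two Snyk Timing Attack entries (richie above, shrine here) both concern signature checks that compare a presented HMAC against the expected one with an equality test that stops at the first differing character, so the time to reject a guess grows with the length of the correct prefix and the signature can be recovered one character at a time. The added Python example below is not code from richie or shrine: it models that leak with a step counter standing in for measured response time, recovers a 64-character hex HMAC-SHA256 signature through the oracle, shows that the same procedure gets no signal against `hmac.compare_digest`, and is what a reviewer would want to see when judging a "use constant-time compare" fix. The key, the derivation-style path and both oracles are constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed key for the demonstration; a real service loads it from configuration.
KEY = b"constructed-demo-signing-key"
HEX_ALPHABET = "0123456789abcdef"


def sign(path: str, key: bytes = KEY) -> str:
    """HMAC-SHA256 over a URL path, hex encoded (64 characters)."""
    return hmac.new(key, path.encode("utf-8"), hashlib.sha256).hexdigest()


def early_exit_equal(expected: str, presented: str) -> tuple[bool, int]:
    """Comparison that stops at the first differing character, as naive equality
    checks do. Also returns how many characters were examined, which is what the
    attacker observes indirectly as response time."""
    steps = 0
    if len(expected) != len(presented):
        return False, steps
    for x, y in zip(expected, presented):
        steps += 1
        if x != y:
            return False, steps
    return True, steps


def verify_vulnerable(path: str, presented: str) -> bool:
    equal, _ = early_exit_equal(sign(path), presented)
    return equal


def verify_hardened(path: str, presented: str) -> bool:
    """Constant-time comparison: runtime does not depend on where the strings differ."""
    return hmac.compare_digest(sign(path), presented)


def timing_oracle(path: str, presented: str) -> int:
    """Stand-in for a measured response time against verify_vulnerable: characters
    compared before rejection, plus one unit of extra work when the request is
    accepted and actually served."""
    equal, steps = early_exit_equal(sign(path), presented)
    return steps + (1 if equal else 0)


def constant_time_oracle(path: str, presented: str) -> int:
    """What the attacker sees against verify_hardened: accept or reject, nothing
    about the length of the matching prefix."""
    return 1 if verify_hardened(path, presented) else 0


def recover_signature(path: str, oracle, length: int = 64) -> str:
    """Recover the signature one hex character at a time. Unknown positions are
    padded with 'z', which can never match, so the only guess that is compared
    one character further is the correct one. Cost: 16 queries per position."""
    known = ""
    for _ in range(length):
        best_char, best_cost = "", -1
        for c in HEX_ALPHABET:
            guess = (known + c).ljust(length, "z")
            cost = oracle(path, guess)
            if cost > best_cost:
                best_char, best_cost = c, cost
        known += best_char
    return known


if __name__ == "__main__":
    path = "/derivations/thumbnail/42.jpg"   # constructed derivation-style URL path
    forged = recover_signature(path, timing_oracle)
    print("recovered via early-exit oracle matches real signature:", forged == sign(path))
    blind = recover_signature(path, constant_time_oracle)
    print("recovered via constant-time oracle matches real signature:", blind == sign(path))
```

Against the early-exit comparison 1024 queries (16 per position) suffice to forge a valid derivation URL; against `compare_digest` every wrong guess costs the same and the search degenerates to the first candidate at each position. Real network jitter forces the attacker to average many measurements per guess, but that changes the cost, not the outcome, which is why the fix in both advisories is a constant-time compare rather than rate limiting alone.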
Positive Technologies · added 2019/08/19 12:00 a.m.

PT-2019-6268 · Inspircd +4

Name of the Vulnerable Software and Affected Versions: InspIRCd versions prior to 2.0.28; InspIRCd versions prior to 3.3.0. Description: The issue is related to a NULL pointer dereference in the mysql module of InspIRCd when built against mariadb-connector-c 3.0.5 or newer. This can be exploited fo...

CVSS 6.8 · AI score 5.9 · EPSS 0.00936 · Exploits: 0 · References: 30