Astra Linux - уязвимость в ruby2.5

REXML is an XML toolkit for Ruby. The REXML gem before version 3.3.1 has some DoS vulnerabilities when it parses XML that contains many special characters such as . If you need to parse untrusted XMLs, you may be affected by these vulnerabilities. The REXML gem version 3.3.2 or later includes...

Permissive List of Allowed Inputs

Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Permissive List of Allowed Inputs in the ADDATTR predicate function via EXTRAELEMENTHANDLING.attributeCheck. An attacker can inject and execute malicious scripts in the DOM...

Access Control Bypass

Overview @kottster/server is an Instant admin panel for your project Affected versions of this package are vulnerable to Access Control Bypass via the initApp and installPackagesForDataSource actions. An attacker can gain unauthorized administrative access and execute arbitrary system commands by...

PT-2025-43531

Name of the Vulnerable Software and Affected Versions Kottster versions 3.2.0 through 3.3.1 Description Kottster is a self-hosted Node.js admin panel. Versions 3.2.0 through 3.3.1 contain a pre-authentication remote code execution RCE vulnerability when running in development mode. Production...

PT-2023-30740

Name of the Vulnerable Software and Affected Versions fast-jwt versions prior to 3.3.2 Description The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats...

PT-2023-20577 · Apache · Apache Couchdb

Name of the Vulnerable Software and Affected Versions: Apache CouchDB versions prior to 3.2.3 Apache CouchDB versions prior to 3.3.2 Description: Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design...

SUSE CVE-2021-37404

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher...

OESA-2022-2016 hadoop security update

Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models. It is designed to scale up from single servers to thousands of machines, each offering local computation and storage. Security Fixes: In Apache...

GHSA-RMPJ-7C96-MRG8 Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher...