5 matches found
Insertion of Sensitive Information into Externally-Accessible File or Directory
Overview org.jenkins-ci.plugins:git-client is a Jenkins git client plugin. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the Git URL field form validation process. An attacker can determine the existence of...
PT-2024-10358 · Drupal · Migrate Tools
Name of the Vulnerable Software and Affected Versions: Migrate Tools versions 0.0.0 through 6.0.2 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability in the Migrate Tools module of the Drupal CMS system. This vulnerability can be exploited by a remote attacker to...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.Mono.tvos-arm64 to version 6.0.3 or higher. References - Dotnet Announcement - Dotnet Issue -...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x64 to version 6.0.3 or higher. References - Dotnet Announcement -...
HTTP Response Splitting
Overview org.wso2.transport.http:org.wso2.transport.http.netty is a HTTP protocol handling implementations for C5 based products. Affected versions of this package are vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled. Remediation Upgrade...