584 matches found

Vulnrichment
added 2022/01/07 5:10 p.m., 6 views

CVE-2022-21667 Denial of Service in soketi

soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests which results in the server crashing if it could not read the body of a request. In the event that a POST request is sent to any endpoint of the server with an empty body, even unauthenticated with t...

CVSS 7.5, AI score 7, EPSS 0.01623
Exploits 0, References 3
CNNVD
added 2021/12/10 12:00 a.m., 2 views

Grafana path traversal vulnerability

Grafana is an open source set of monitoring tools that provide a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. Grafana suffers from a path traversal vulnerability that stems from the fact that Grafana prior to...

CVSS 4.3, AI score 7, EPSS 0.57991
Exploits 0, References 20
PyPA
added 2021/10/28 8:15 p.m., 5 views

PYSEC-2021-384

FirstUseAuthenticator is a JupyterHub authenticator that helps new users set their password on their first login to JupyterHub. When JupyterHub is used with FirstUseAuthenticator, a vulnerability in versions prior to 1.0.0 allows unauthorized access to any user's account if createusers=True and t...

CVSS 9.8, AI score 6.6, EPSS 0.01323
Exploits 0, References 3, Affected Software 1
Positive Technologies
added 2021/09/14 12:00 a.m., 3 views

PT-2021-22382 · Atlassian · Jira

Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.19.0. Description: The issue allows remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the "/rest/api/1.0/render" endpoint...

CVSS 5.3, AI score 7, EPSS 0.01376
Exploits 0, References 7
OSV
added 2021/08/31 4:15 p.m., 1 view

DEBIAN-CVE-2021-39163

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where the vulnerable...

CVSS 3.1, AI score 6.4, EPSS 0.00864
Exploits 0, References 1
OSV
added 2021/05/28 9:15 p.m., 1 view

UBUNTU-CVE-2021-29505

XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker with sufficient rights to execute commands on the host only by manipulating the processed input stream. No user who followed the recommendation to...

CVSS 8.8, AI score 7.1, EPSS 0.77735
Exploits 1, References 3
OSV
added 2020/10/16 5:03 p.m., 3 views

GHSA-8HXH-R6F7-JF45 Memory exhaustion in http4s-async-http-client with large or malicious compressed responses

Impact: A server we connect to with http4s-async-http-client could theoretically respond with a large or malicious compressed stream and exhaust memory in the client JVM. It does not affect http4s servers, other client backends, or clients that speak only to trusted servers. This is related to a...

AI score 6.9
Exploits 0, References 2
Positive Technologies
added 2020/06/03 12:00 a.m., 4 views

PT-2020-5652 · Libjpeg Turbo +8 · Libjpeg-Turbo +8

Name of the Vulnerable Software and Affected Versions: libjpeg-turbo versions 2.0.4 and earlier; mozjpeg version 4.0.0. Description: The issue is related to a heap-based buffer over-read in the get rgb row function in rdppm.c via a malformed PPM input file. This can allow a remote attacker to acces...

CVSS 8.8, AI score 6.7, EPSS 0.03445
Exploits 6, References 83
Positive Technologies
added 2020/02/18 12:00 a.m., 6 views

PT-2020-19795

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite (ZCS) versions prior to 8.8.15 Patch 7. Description: The software is susceptible to a Server-Side Request Forgery (SSRF) attack when the WebEx zimlet is installed and the zimlet JSP is enabled. A recent surge in the...

CVSS 9.8, AI score 8.6, EPSS 0.85416
Exploits 0, References 18
OSV
added 2019/07/29 7:15 p.m., 3 views

CVE-2018-11772

Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node, if any, was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires adm...

CVSS 7.2, AI score 5.8, EPSS 0.01356
Exploits 0, References 2
Positive Technologies
added 2019/02/04 12:00 a.m., 3 views

PT-2019-18536 · Zoneminder +3 · Zoneminder +3

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.32.4. Description: A Self-Stored Cross Site Scripting (XSS) issue exists when editing an existing monitor field named "signal check color" in monitor.php. The lack of input validation and output filtration makes it...

CVSS 9.8, AI score 6.4, EPSS 0.66317
Exploits 46, References 111
Positive Technologies
added 2019/02/04 12:00 a.m., 4 views

PT-2019-18535 · Zoneminder +3 · Zoneminder +3

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.32.4. Description: A Reflected Cross Site Scripting issue exists, allowing an attacker to execute HTML or JavaScript code via a vulnerable show parameter value in the "view frame" frame.php due to omitted proper...

CVSS 9.8, AI score 6.5, EPSS 0.66317
Exploits 46, References 111
myhack58
added 2017/06/12 12:00 a.m., 310 views

Apache Tomcat security restrictions bypass vulnerability (CVE-2017-5664) - vulnerability warning - the black bar safety net

Apache Tomcat security restrictions bypass vulnerability (CVE-2017-5664). Release date: 2017-06-12. Update date: 2017-06-12. Affected systems: Apache Group Tomcat 9.0.0.M1-9.0.0.M20; Apache Group Tomcat 8.5.0-8.5.14; Apache Group Tomcat 8.0.0.RC1-8.0.43; Apache Group Tomcat 7.0.0-7.0.77. Description:...

AI score 7.7, EPSS 0.16567
Exploits 1
phpMyAdmin
added 2017/03/28 12:00 a.m., 337 views

Bypass $cfg['Servers'][$i]['AllowNoPassword']

PMASA-2017-8. Announcement-ID: PMASA-2017-8. Date: 2017-03-28. Updated: 2018-05-01. Summary: Bypass $cfg['Servers'][$i]['AllowNoPassword']. Description: A vulnerability was discovered where the restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions. This can...

CVSS 9.8, AI score 7.2, EPSS 0.02991
Exploits 0, Affected Software 1
phpMyAdmin
added 2016/11/25 12:00 a.m., 59 views

Incorrect serialized string parsing

PMASA-2016-70. Announcement-ID: PMASA-2016-70. Date: 2016-11-25. Updated: 2016-12-06. Summary: Incorrect serialized string parsing. Description: Due to a bug in serialized string parsing, it was possible to bypass the protection offered by the PMAsafeUnserialize function. Severity: We consider this...

CVSS 9.8, AI score 7.2, EPSS 0.02267
Exploits 0, Affected Software 1
OpenVAS
added 2016/02/22 12:00 a.m., 36 views

phpMyAdmin Multiple Vulnerabilities (PMASA-2016-8, PMASA-2016-9) - Active Check

phpMyAdmin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:phpmyadmin:phpmyadmin";...

CVSS 5.4, AI score 6.7, EPSS 0.02033
Exploits 0, References 4
myhack58
added 2016/02/03 12:00 a.m., 16 views

Foxit Reader ConvertToPDF heap buffer overflow remote code execution vulnerability - vulnerability warning - the black bar safety net

Affected systems: Foxit Foxit Reader. Description: Foxit Reader is a small PDF document viewer and printing program. A security vulnerability exists in Foxit Reader's ConvertToPDFx86.dll: a crafted BMP image results in a heap buffer overflow. An attacker could exploit this...

AI score 1.8
Exploits 0
myhack58
added 2015/12/27 12:00 a.m., 15 views

Siemens RUGGEDCOM ROX-based devices authentication bypass vulnerability (CVE-2015-7871) - vulnerability warning - the black bar safety net

Affected system: Siemens RUGGEDCOM ROX 2.9.0. Description: CVE(CAN) ID: CVE-2015-7871. Siemens RUGGEDCOM ROX-based devices are used to connect equipment in harsh environments. An authentication bypass vulnerability exists in Siemens RUGGEDCOM ROX-based devices; by sending a configuration of...

AI score 1.6
Exploits 0
myhack58
added 2015/12/25 12:00 a.m., 9 views

Google Chrome MIDI subsystem application crash vulnerability (CVE-2015-6792) - vulnerability warning - the black bar safety net

Affected system: Google Chrome 47.0.2526.106. Description: CVE(CAN) ID: CVE-2015-6792. Google Chrome is a web browser developed by Google. In versions prior to Google Chrome 47.0.2526.106, the MIDI subsystem does not properly handle data transmission; a remote attacker could exploit this...

AI score 0.6
Exploits 0
myhack58
added 2015/11/28 12:00 a.m., 21 views

dpkg stack buffer overflow vulnerability (CVE-2015-0860) - vulnerability warning - the black bar safety net

CVE(CAN) ID: CVE-2015-0860. dpkg is the package management system developed specifically for Debian, which makes software installation, updates and removal easy. A stack buffer overflow vulnerability exists in the dpkg-deb component of dpkg; if a user or automated system processes a crafted old format of a...

AI score 3.7
Exploits 0