
7821 matches found

OSV
added 2023/04/13 5:53 p.m. | 21 views

GHSA-CJR9-MR35-7XH6 SpiceDB binding metrics port to untrusted networks and can leak command-line flags

Background: The `spicedb serve` command contains a flag named `--grpc-preshared-key` which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are to be considered sensitive, secret data. The `/debug/pprof/cmdline` endpoint served by the metrics service...

CVSS 8.1 | AI score 8.1 | EPSS 0.00762
Exploits: 0 | References: 5

Tenable Nessus
added 2023/04/12 12:0 a.m. | 44 views

Mozilla Thunderbird < 102.10

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 102.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-15 advisory. - Mozilla developers Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team...

CVSS 9.8 | AI score 7.7 | EPSS 0.00974
Exploits: 0 | References: 16

Tenable Nessus
added 2023/04/11 12:0 a.m. | 29 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : polkit Multiple Vulnerabilities (NS-SA-2023-0027)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has polkit packages installed that are affected by multiple vulnerabilities: - A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd...

CVSS 7.8 | AI score 7.6 | EPSS 0.94921
Exploits: 151 | References: 5

OSV
added 2023/04/06 4:15 p.m. | 1 views

DEBIAN-CVE-2023-24536

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

CVSS 7.5 | AI score 6.8 | EPSS 0.01466
Exploits: 0 | References: 1

OSV
added 2023/04/06 4:15 p.m. | 1 views

UBUNTU-CVE-2023-24536

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

CVSS 7.5 | AI score 6.7 | EPSS 0.01466
Exploits: 0 | References: 8

OSV
added 2023/04/03 7:15 p.m. | 3 views

CVE-2022-4771

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables...

CVSS 6.1 | AI score 5.8 | EPSS 0.00353
Exploits: 0 | References: 1

NVD
added 2023/04/03 7:15 p.m. | 12 views

CVE-2022-4771

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables...

CVSS 6.1 | AI score 5.7 | EPSS 0.00353
Exploits: 0 | References: 1

Prion
added 2023/04/03 7:15 p.m. | 18 views

Code injection

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables...

CVSS 5.8 | AI score 6.2 | EPSS 0.00353
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/04/03 6:58 p.m. | 8 views

CVE-2022-4771 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables...

CVSS 5.4 | AI score 5.7 | EPSS 0.00353
Exploits: 0 | References: 1

CVE
added 2023/04/03 6:58 p.m. | 68 views

CVE-2022-4771

CVE-2022-4771 affects Hitachi Vantara Pentaho Business Analytics Server. The root cause is improper neutralization of input during web page generation, enabling cross-site scripting via session variables injected through a malicious URL. Affected versions are prior to 9.4.0.1 and 9.3.0.2, includi...

CVSS 6.1 | AI score 5.8 | EPSS 0.00353
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/04/03 6:58 p.m. | 22 views

CVE-2022-4771 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables...

CVSS 5.4 | AI score 6.5 | EPSS 0.00353
Exploits: 0 | References: 1

CNNVD
added 2023/04/03 12:0 a.m. | 4 views

Hitachi Vantara Pentaho Business Analytics Server Cross-Site Scripting Vulnerability

Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd. of Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that originates from allowing malicious URLs to inject...

CVSS 6.1 | AI score 6.2 | EPSS 0.00353
Exploits: 0 | References: 2

Tenable Nessus
added 2023/04/03 12:0 a.m. | 31 views

QNAP QTS / QuTS hero Vulnerability in sudo (QSA-23-11)

The version of QNAP QTS / QuTS hero installed on the remote host is affected by a vulnerability as referenced in the QSA-23-11 advisory. - In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and...

CVSS 7.8 | AI score 8.2 | EPSS 0.55367
Exploits: 20 | References: 2

Exploit DB
added 2023/04/03 12:0 a.m. | 356 views

MyBB 1.8.32 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: MyBB 1.8.32 - Chained LFI Remote Code Execution RCE Authenticated | Date: 2023-01-19 | Exploit Author: lUc1f3r11 https://github.com/FDlucifer | Vendor Homepage: https://mybb.com/ | Software Link: https://github.com/mybb/mybb/releases/tag/mybb1832 | Version: MyBB 1.8.32 | Tested on: Linux | CVE :...

AI score 7.4
Exploits: 0

Veracode
added 2023/03/31 4:23 a.m. | 76 views

Sensitive Information Disclosure

angular-server-side-configuration is vulnerable to Sensitive Information Disclosure. The vulnerability is due to leaking of environment variables because the library detects used environment variables in TypeScript files and writes them to a ngssc.json file in the output directory, which is then...

CVSS 9.9 | AI score 7.2 | EPSS 0.00759
Exploits: 0 | References: 5 | Affected Software: 1

Code423n4
added 2023/03/26 12:0 a.m. | 5 views

Upgraded Q -> 2 from #87 [1679862910687]

Judge has assessed an item in Issue 87 as 2 risk. The relevant finding follows: Uninitialized variables...

AI score 7
Exploits: 0

Github Security Blog
added 2023/03/24 10:4 p.m. | 24 views

angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend

Impact: angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The detected environment variables are written to a ngssc.json file in the output directory. During deployment of an Angular based app, the environment...

CVSS 9.9 | AI score 7.2 | EPSS 0.00759
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2023/03/24 10:4 p.m. | 18 views

GHSA-GWVM-VRP4-4PP5 angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend

Impact: angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The detected environment variables are written to a ngssc.json file in the output directory. During deployment of an Angular based app, the environment...

CVSS 9.9 | AI score 8.5 | EPSS 0.00759
Exploits: 0 | References: 5

NVD
added 2023/03/24 8:15 p.m. | 9 views

CVE-2023-28444

angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The...

CVSS 9.9 | AI score 9.4 | EPSS 0.00759
Exploits: 0 | References: 3

Prion
added 2023/03/24 8:15 p.m. | 15 views

Design/Logic Flaw

angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The...

CVSS 5 | AI score 7.4 | EPSS 0.00759
Exploits: 0 | References: 3 | Affected Software: 1