157 matches found
PT-2024-16525 · Umbraco · Umbraco Cms
Name of the Vulnerable Software and Affected Versions: Umbraco CMS versions prior to 10.8.8 Umbraco CMS versions prior to 13.5.3 Umbraco CMS versions prior to 14.3.2 Umbraco CMS versions prior to 15.1.2 Description: A vulnerability was found in Umbraco CMS, classified as problematic. The issue...
DEBIAN-CVE-2024-47889
Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the blockformat helper in Action Mailer. Carefully crafted text can cause the blockformat helper to...
PT-2024-7465 · Fortinet · Fortimanager
Name of the Vulnerable Software and Affected Versions: FortiManager versions 7.4.2 and below FortiManager versions 7.2.5 and below FortiManager versions 7.0.12 and below Description: The issue is related to the exposure of sensitive information to unauthorized actors. It allows a remote...
PT-2024-37586 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab-CE/EE versions 17.0 through 17.1.7 GitLab-CE/EE versions 17.2 through 17.2.5 GitLab-CE/EE versions 17.3 through 17.3.2 Description: An issue was discovered in GitLab-CE/EE where an attacker, as a guest user, was able to access commit...
Taipy 3.1.1 affected by CVEs on flask-core and pymongo
Summary Indirect CVEs affect Taipy 3.1.1 Details Taipy 3.1.1 is affected by two existing CVEs: CVE-2024-1681 affects flask-core =3.1.2 and on major releases: =4.0.0 Impact pre-commit breaks when using dependency Taipy 3.1.1...
Important: tomcat
Issue Overview: Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn l...
PT-2024-40300 · Surrealdb · Surrealdb
Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 1.5.4 SurrealDB versions prior to 2.0.0-alpha.6 Description: The issue arises when an authenticated scope user switches working databases in a session using the use method or USE clause. If a user record with an...
UBUNTU-CVE-2024-34750
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...
container-tools:ol8 security update
aardvark-dns buildah 2:1.33.7-1 - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 https://github.com/containers/buildah/commit/b95e962 - Resolves: RHEL-28224 cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu 3.18-5 -...
PT-2024-3323
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 14.12 PostgreSQL versions prior to 15.7 PostgreSQL versions prior to 16.3 Description: The issue is related to errors in managing privileges in the PostgreSQL database system, specifically in the pg stats ext and ...
PT-2024-14968 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.7.7 through 16.8.5 GitLab CE/EE versions 16.9 through 16.9.3 GitLab CE/EE versions 16.10 through 16.10.1 Description: A denial of service issue was identified in GitLab CE/EE, which allows an attacker to increase the...
DEBIAN-CVE-2024-31309
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting proxy.config.http2.maxcontinuationframesperminute to limit the number of CONTINUATION frames...
GHSA-C35H-W8HJ-MM55 Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections...
PT-2024-22331 · Zitadel · Zitadel
Name of the Vulnerable Software and Affected Versions: Zitadel versions prior to 2.44.3 Zitadel versions 2.45.0 through 2.45.0 before 2.45.1 Zitadel versions prior to 2.46.0 Description: Zitadel is an open source identity management system that uses a cookie to identify the user agent and its use...
PT-2024-1487
Name of the Vulnerable Software and Affected Versions aiohttp versions prior to 3.9.2 python3-aiohttp versions prior to 3.6.2-1ubuntu1+esm3 python3-module-aiohttp versions prior to 3.9.5-alt1 python310-aiohttp versions prior to 3.9.3-1.1 Description aiohttp is an asynchronous HTTP client/server...
PT-2024-1274 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.8 Splunk Enterprise versions prior to 9.1.3 Description: The issue is related to insufficient input validation, allowing a remote attacker to gain unauthorized access to protected information using the...
PT-2024-2675 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.14 MediaWiki versions 1.36.x through 1.39.x before 1.39.6 MediaWiki versions 1.40.x before 1.40.2 Description: The issue is related to the CampaignEvents extension in MediaWiki, which is associated with improp...
Security patch release - Ivanti Connect Secure 22.6R2 and 22.6R2.1
Resolutions for Ivanti Connect Secure Security Issues: As part of Ivanti's commitment to continuous security hardening, Ivanti has released a security update for Ivanti Connect Secure. This update resolves important vulnerabilities. To our knowledge, none of the CVEs identified in this review hav...
UBUNTU-CVE-2023-46604
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...
PT-2023-8615 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 14.0-rc-1 through 14.4.7 XWiki Platform versions 14.0-rc-1 through 14.10.3 XWiki Platform versions 14.0-rc-1 through 14.9.x XWiki Platform version 15.0-rc-1 is not affected, but versions prior to it are Description: Th...