4 matches found
GO-2026-4766 SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home (GHSA-h5vh-m7fg-w5h6 Bypass) in github.com/siyuan-note/siyuan/kernel
SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home GHSA-h5vh-m7fg-w5h6 Bypass in github.com/siyuan-note/siyuan/kernel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module...
SiYuan 访问控制错误漏洞
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan prior to 3.6.2 contained an access control vulnerability. This vulnerability stemmed from the WebSocket server accepting unauthenticated connections, and no type checking was performed...
CVE-2019-20104
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability...
PT-2011-1615 · Eclipse +1 · Eclipse Ide +1
Name of the Vulnerable Software and Affected Versions: Eclipse IDE versions prior to 3.6.2 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities in the Help Contents web application of the Eclipse IDE. These vulnerabilities allow remote attackers to inject arbitrary we...