16 matches found
EUVD-2024-41282
Malicious code in bioql PyPI...
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
...
CVE-2024-45044 Bareos's negative command ACLs can be circumvented by abbreviating commands
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation, e.g. "w" for "whoami", the ACL check did not apply to the full form, i.e. "whoami", but to the abbreviated...
CVE-2024-45044
The CVE concerns Bareos: when a command ACL is set, an attacker could bypass a negative ACL by using an abbreviation (e.g., w instead of whoami) in bconsole, causing the ACL check to apply to the abbreviated form rather than the full command. This may allow execution of a disallowed command if th...
PT-2024-31395 · Bareos · Bareos
Name of the Vulnerable Software and Affected Versions: Bareos versions prior to 21.1.11; Bareos versions prior to 22.1.6; Bareos versions prior to 23.0.4. Description: The issue concerns the command ACL in Bareos, where command restrictions can be bypassed using abbreviations. When a command ACL is ...
[SECURITY] Fedora 38 Update: prrte-2.0.2-5.fc38
PRRTE is the PMIx Reference Run Time Environment. The project is formally referred to in documentation by "PRRTE", and the GitHub repository is "openpmix/prrte". However, we have found that most users do not like typing the two consecutive "r"s in the name. Hence, all of the internal API symbols,...
SUSE CVE-2018-16403
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash...
Pimcore Cross-Site Scripting Vulnerability
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. 10.4.0 versions of Pimcore before the...
Boofuzz - Network Protocol Fuzzing for Humans
Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility. The goal: fuzz everything. Why? Sulley has been the preeminent open source fuzzer for some time, but has fallen out of maintenance. Features Like Sulley,...
SUSE: Security Advisory (SUSE-SU-2021:2555-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
sentence.site123.me Cross Site Scripting vulnerability OBB-1480081
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
GHSA-X65C-4FGJ-5FC3 Cross-site Scripting in pandao
pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element...
polyportables-id.com XSS vulnerability
Open Bug Bounty ID: OBB-597117. Affected Website: polyportables-id.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
Gnulib Buffer Overflow Vulnerability
Gnulib is a GNU portability library that supports multi-system operation. A heap buffer overflow vulnerability exists in the save_abbr function of the time_rz.c file in versions of Gnulib prior to 2017-04-26. An attacker can exploit this vulnerability to execute arbitrary code with the help of TZ...
polizei-beratung.de XSS vulnerability
Vulnerable URL:...
UBUNTU-CVE-2015-8750
libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a .debug_abbrev section marked NOBITS in an ELF file...