UBUNTU-CVE-2022-35977
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT/SORT_RO commands can trigger an integer overflow, resulting in Redis attempting to allocate impossible amounts of memory and aborting with an out-of-memory (OOM) panic. The problem is fixe...
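The entry above describes the classic length-arithmetic bug: the size needed for "write VALUE at OFFSET" is computed as offset + length, and if that addition wraps, the cap check that follows sees a small number and the server proceeds to allocate or index far beyond what it intended. The block below is an added illustration and is not Redis code; the 512 MiB cap, the function names and the sample string are assumptions chosen for the demonstration. It shows the wrapping computation next to a version that rejects the request before the addition can wrap, and a SETRANGE-style apply routine built on the checked version.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap on a single string value (modelled on a 512 MiB bulk limit). */
#define MAX_STRING_LEN (512ULL * 1024 * 1024)

/* Vulnerable pattern: compute the new length with wrapping arithmetic and only
 * afterwards compare it against the cap. A huge attacker-supplied offset wraps
 * the sum to a small value, which passes the check. */
bool setrange_len_vulnerable(uint64_t offset, uint64_t value_len, uint64_t *new_len) {
    uint64_t total = offset + value_len;        /* wraps modulo 2^64 */
    if (total > MAX_STRING_LEN) return false;   /* too late: total is already bogus */
    *new_len = total;
    return true;
}

/* Hardened pattern: bound each operand, then check the headroom before adding,
 * so the addition itself can never wrap. */
bool setrange_len_checked(uint64_t offset, uint64_t value_len, uint64_t *new_len) {
    if (offset > MAX_STRING_LEN || value_len > MAX_STRING_LEN) return false;
    if (offset > MAX_STRING_LEN - value_len) return false;   /* offset + value_len > cap */
    *new_len = offset + value_len;
    return true;
}

/* Apply a SETRANGE using the checked length: grow buf to new_len, zero-fill any
 * gap between the old end and offset, then copy the value in. Returns the (possibly
 * moved) buffer, or NULL on rejection or allocation failure, leaving buf intact. */
char *setrange_apply(char *buf, size_t *cur_len, uint64_t offset,
                     const char *val, size_t val_len) {
    uint64_t new_len;
    if (!setrange_len_checked(offset, val_len, &new_len)) return NULL;
    size_t grow_to = (new_len > *cur_len) ? (size_t)new_len : *cur_len;
    char *p = realloc(buf, grow_to + 1);        /* +1 for a terminating NUL */
    if (!p) return NULL;
    if (grow_to > *cur_len) memset(p + *cur_len, 0, grow_to - *cur_len);
    memcpy(p + offset, val, val_len);
    p[grow_to] = '\0';
    *cur_len = grow_to;
    return p;
}

int main(void) {
    uint64_t n = 0;
    /* offset near 2^64 plus a 4-byte value: the vulnerable check lets it through */
    printf("vulnerable accepts: %d (new_len=%llu)\n",
           setrange_len_vulnerable(UINT64_MAX - 1, 4, &n), (unsigned long long)n);
    printf("checked accepts:    %d\n", setrange_len_checked(UINT64_MAX - 1, 4, &n));

    size_t len = 5;
    char *buf = malloc(len + 1);
    memcpy(buf, "hello", 6);                    /* constructed sample value */
    char *r = setrange_apply(buf, &len, 8, "xy", 2);
    if (r) { printf("after SETRANGE 8 \"xy\": len=%zu tail=%s\n", len, r + 8); free(r); }
    else free(buf);
    return 0;
}
```

The order of the two comparisons in `setrange_len_checked` is what matters: `MAX_STRING_LEN - value_len` is only safe to compute after `value_len` has been bounded, so the operand checks must come first.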
CVE-2023-22741 heap overflow in stun_parse_attribute in sofia-sip
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP lacks both message length and attribute length checks when it handles STUN packets, leading to a controllable heap overflow. For example, in stun_parse_attribute, after ...
PT-2023-3591
Name of the Vulnerable Software and Affected Versions: Sudo versions prior to 1.9.13
Description: The issue is related to a lack of proper encoding or escaping of output in the Sudo program, which can be exploited by a remote attacker to gain access to confidential data. The problem specifically...
CVE-2022-41953 Git clone remote code execution vulnerability in git-for-windows
Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...
CVE-2023-22727
CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed unsanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...
UBUNTU-CVE-2022-41903
Git is a distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators, there is an integer overflow in...
PT-2023-10233 · Unknown · Githuis P2Manage
Name of the Vulnerable Software and Affected Versions: githuis P2Manage, affected versions not specified
Description: A critical vulnerability was found in githuis P2Manage, affecting the function Execute of the file PTwoManage/Database.cs. The manipulation of the sql argument leads to sql...
PT-2023-8779 · Apache +2 · Apache Shiro +2
Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.11.0; Spring Boot versions 2.6+
Description: The issue is related to a conflict of interpretations between Apache Shiro and Spring Boot, which can be exploited by a remote attacker using a specially crafted HTT...
PT-2023-10212 · Unknown · Jvvlee Merlinsboard
Name of the Vulnerable Software and Affected Versions: jvvlee MerlinsBoard, affected versions not specified
Description: A vulnerability was found in the Grade Handler component of jvvlee MerlinsBoard, leading to improper authorization. The manipulation of an unknown part of this component is the...
PT-2023-12409 · Unknown · Woorank Robots-Txt-Guard
Name of the Vulnerable Software and Affected Versions: Woorank robots-txt-guard, affected versions not specified
Description: A vulnerability was found in the function makePathPattern of the file lib/patterns.js. The manipulation of the argument pattern leads to inefficient regular expression...
PT-2022-28116 · Centic9 · Jgit-Cookbook
Name of the Vulnerable Software and Affected Versions: centic9 jgit-cookbook, affected versions not specified
Description: A vulnerability was found in centic9 jgit-cookbook, declared as problematic, affecting unknown code. The manipulation leads to an insecure temporary file. The attack can be...
PT-2022-28122 · Flatpress · Flatpress
Name of the Vulnerable Software and Affected Versions: FlatPress, affected versions not specified
Description: A problematic vulnerability has been found in FlatPress, affecting an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads ...
PT-2022-25906 · WordPress · Contest Gallery Pro +1
Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5; Contest Gallery Pro WordPress plugin versions prior to 19.1.5
Description: The issue allows malicious users with at least author privilege to leak sensitive information from the site's...
EUVD-2022-51942
A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed...
PT-2022-27741 · Click Studios · Click Studios Passwordstate +1
Name of the Vulnerable Software and Affected Versions: Click Studios Passwordstate, affected versions not specified; Click Studios Passwordstate Browser Extension Chrome, affected versions not specified
Description: A problematic vulnerability was found in Click Studios Passwordstate and Passwordsta...
CVE-2022-46166 Spring Boot Admin's integrated notifier support allows arbitrary code execution
Spring Boot Admin is an open source administrative user interface for managing Spring Boot applications. All users who run Spring Boot Admin Server with Notifiers (e.g. Teams-Notifier) enabled and who allow write access to environment variables via the UI are affected. Users are advised to upgrade to th...
DEBIAN-CVE-2022-23493
xrdp is an open source project which provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol (RDP). xrdp v0.9.21 contains an out-of-bounds read in the xrdp_mm_trans_process_drdynvc_channel_close function. There are no known workarounds for this issue. Users are advised to upgrade...
DEBIAN-CVE-2022-23481
xrdp is an open source project which provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol (RDP). xrdp v0.9.21 contains an out-of-bounds read in the xrdp_caps_process_confirm_active function. There are no known workarounds for this issue. Users are advised to upgrade...
DEBIAN-CVE-2022-23479
xrdp is an open source project which provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol (RDP). xrdp v0.9.21 contains a buffer overflow in the xrdp_mm_chan_data_in function. There are no known workarounds for this issue. Users are advised to upgrade...
DEBIAN-CVE-2022-23478
xrdp is an open source project which provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol (RDP). xrdp v0.9.21 contains an out-of-bounds write in the xrdp_mm_trans_process_drdynvc_channel_open function. There are no known workarounds for this issue. Users are advised to upgrade...
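The Sofia-SIP STUN entry (CVE-2023-22741) and the four xrdp entries above are the same bug class: a length field read from the wire is trusted before it is compared against what was actually received, so a value or attribute header is dereferenced past the end of the buffer. The block below is an added example written for this listing; it is not Sofia-SIP or xrdp code and makes no claim about where either project's check was missing. It parses a STUN message (RFC 5389 layout: 20-byte header, then type/length/value attributes padded to 4 bytes) with the two checks the Sofia-SIP advisory says were absent, the message length against the packet and each attribute length against the remaining message, and rejects three constructed malformed packets.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STUN_HEADER_LEN   20
#define STUN_MAGIC_COOKIE 0x2112A442u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

typedef struct {
    uint16_t type;
    uint16_t len;          /* unpadded value length from the wire */
    const uint8_t *value;  /* points into the packet; valid for len bytes */
} stun_attr_t;

/* Parse the attributes of one STUN message held in pkt[0..pkt_len).
 * Returns the number of attributes found (only the first max_attrs are stored),
 * or -1 on any length inconsistency. Every length taken from the wire is checked
 * against bytes actually present before it is used as an offset. */
int stun_parse_attributes(const uint8_t *pkt, size_t pkt_len, stun_attr_t *out, int max_attrs) {
    if (pkt_len < STUN_HEADER_LEN) return -1;            /* no complete header */
    if ((pkt[0] & 0xC0) != 0) return -1;                 /* top two bits must be zero */
    uint16_t msg_len = rd16(pkt + 2);
    if (msg_len % 4 != 0) return -1;                     /* RFC: always a multiple of 4 */
    if (rd32(pkt + 4) != STUN_MAGIC_COOKIE) return -1;
    /* message length check: the header may not claim more than we received */
    if ((size_t)msg_len > pkt_len - STUN_HEADER_LEN) return -1;

    size_t off = STUN_HEADER_LEN, end = STUN_HEADER_LEN + msg_len;
    int n = 0;
    while (off < end) {
        if (end - off < 4) return -1;                    /* room for type+length? */
        uint16_t type = rd16(pkt + off), len = rd16(pkt + off + 2);
        off += 4;
        /* attribute length check: value must lie inside the message */
        if (len > end - off) return -1;
        if (n < max_attrs) { out[n].type = type; out[n].len = len; out[n].value = pkt + off; }
        n++;
        size_t padded = ((size_t)len + 3) & ~(size_t)3;  /* values are 4-byte aligned */
        if (padded > end - off) return -1;               /* padding must be present too */
        off += padded;
    }
    return n;
}

/* Constructed sample: Binding Request with SOFTWARE="test" and a zeroed IPv4
 * XOR-MAPPED-ADDRESS. Header says 20 bytes of attributes; 20 are present. */
static const uint8_t good_pkt[] = {
    0x00,0x01, 0x00,0x14, 0x21,0x12,0xA4,0x42,
    0,1,2,3,4,5,6,7,8,9,10,11,
    0x80,0x22, 0x00,0x04, 't','e','s','t',
    0x00,0x20, 0x00,0x08, 0x00,0x01, 0x00,0x00, 0x00,0x00,0x00,0x00
};
/* Same, but SOFTWARE claims 256 bytes while only 4 follow (the advisory's case). */
static const uint8_t bad_attr_pkt[] = {
    0x00,0x01, 0x00,0x14, 0x21,0x12,0xA4,0x42,
    0,1,2,3,4,5,6,7,8,9,10,11,
    0x80,0x22, 0x01,0x00, 't','e','s','t',
    0x00,0x20, 0x00,0x08, 0x00,0x01, 0x00,0x00, 0x00,0x00,0x00,0x00
};
/* Same, but the header claims 64 bytes of attributes in a 40-byte packet. */
static const uint8_t bad_hdr_pkt[] = {
    0x00,0x01, 0x00,0x40, 0x21,0x12,0xA4,0x42,
    0,1,2,3,4,5,6,7,8,9,10,11,
    0x80,0x22, 0x00,0x04, 't','e','s','t',
    0x00,0x20, 0x00,0x08, 0x00,0x01, 0x00,0x00, 0x00,0x00,0x00,0x00
};

int main(void) {
    stun_attr_t a[4];
    printf("good:        %d attributes\n", stun_parse_attributes(good_pkt, sizeof good_pkt, a, 4));
    printf("bad attr:    %d\n", stun_parse_attributes(bad_attr_pkt, sizeof bad_attr_pkt, a, 4));
    printf("bad header:  %d\n", stun_parse_attributes(bad_hdr_pkt, sizeof bad_hdr_pkt, a, 4));
    printf("truncated:   %d\n", stun_parse_attributes(good_pkt, 10, a, 4));
    return 0;
}
```

Note that every comparison is written as `len > end - off` rather than `off + len > end`: the subtraction cannot wrap because `off <= end` is an invariant of the loop, whereas the addition could wrap for a hostile length and is exactly the pattern the Redis entry at the top of this listing warns about.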