664 matches found
PT-2023-16400 · Wallabag · Wallabag
Name of the Vulnerable Software and Affected Versions: wallabag versions prior to 2.5.3 Description: The issue concerns improper authorization in the wallabag GitHub repository. Specifically, the annotations feature allows users to add annotations on highlighted parts of an entry. However, the...
IDOR vulnerability allowing to update another user's annotations
Description IDOR vulnerability was discovered in wallabag. Proof of Concept 1. Login as a victim. 2. Create an entry and an annotation. In this case the annotation's ID is 3. 3. Login as an attacker. 4. Send the following request. request http PUT /annotations/3 HTTP/1.1 Host: localhost:8000...
DEBIAN-CVE-2022-42928
Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...
Memory corruption
Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...
CVE-2022-25629
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page Annotation Text Column...
Code injection
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page Annotation Text Column...
CVE-2022-25629
CVE-2022-25629 affects Broadcom Symantec Messaging Gateway (SMG) prior to version 10.8. An authenticated user with the ability to add/edit annotations on the Content tab can craft a malicious annotation that is executed on the annotations page (Annotation Text Column). The vulnerability is descri...
CVE-2022-25629
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page Annotation Text Column...
GHSA-X45C-CVP8-Q4FM Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace
Capsule implements a multi-tenant and policy-based environment in a Kubernetes cluster. A ServiceAccount deployed in a Tenant Namespace, when granted with PATCH capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Operato...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from the fact tha...
Mozilla: Memory Corruption in JS Engine
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of certain types of allocations that were missing annotations that, if the Garbage Collector was in a specific state, could lead to memory corruption and a potentially exploitable crash...
Mozilla: Memory Corruption in JS Engine
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of certain types of allocations that were missing annotations that, if the Garbage Collector was in a specific state, could lead to memory corruption and a potentially exploitable crash...
Mozilla: Memory Corruption in JS Engine
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of certain types of allocations that were missing annotations that, if the Garbage Collector was in a specific state, could lead to memory corruption and a potentially exploitable crash...
Mozilla: Memory Corruption in JS Engine
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of certain types of allocations that were missing annotations that, if the Garbage Collector was in a specific state, could lead to memory corruption and a potentially exploitable crash...
Mozilla: Memory Corruption in JS Engine
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of certain types of allocations that were missing annotations that, if the Garbage Collector was in a specific state, could lead to memory corruption and a potentially exploitable crash...
Mozilla: Memory Corruption in JS Engine
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of certain types of allocations that were missing annotations that, if the Garbage Collector was in a specific state, could lead to memory corruption and a potentially exploitable crash...
Mozilla: Memory Corruption in JS Engine
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of certain types of allocations that were missing annotations that, if the Garbage Collector was in a specific state, could lead to memory corruption and a potentially exploitable crash...
Mozilla: Memory Corruption in JS Engine
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of certain types of allocations that were missing annotations that, if the Garbage Collector was in a specific state, could lead to memory corruption and a potentially exploitable crash...
Mozilla: Memory Corruption in JS Engine
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of certain types of allocations that were missing annotations that, if the Garbage Collector was in a specific state, could lead to memory corruption and a potentially exploitable crash...
CVE-2022-42928
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of certain types of allocations that were missing annotations that, if the Garbage Collector was in a specific state, could lead to memory corruption and a potentially exploitable crash...