87 matches found
Prototype Pollution
jsii is vulnerable to prototype pollution. The vulnerability is due to insufficient validation of user input. When untrusted input is allowed to modify the prototype of objects, an attacker can inject malicious properties into the object's prototype, potentially altering the behavior of the entir...
BIT-NODE-MIN-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl
Internally libssl in OpenSSL calls X509verifycert on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for example out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO...
CVE-2024-30129 HCL Nomad server on Domino is affected by a host header injection vulnerability
The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address...
CVE-2024-54135 Untrusted Deserialization in ClipBucket-v5 Version 2.0 to 5.5.1 Revision 199
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/photoupload.php within the decodekey function. User inputs were supplied to this function...
CVE-2024-50271
In the Linux kernel, the following vulnerability has been resolved: signal: restore the overriderlimit logic Prior to commit d64696905554 "Reimplement RLIMITSIGPENDING on top of ucounts" UCOUNTRLIMITSIGPENDING rlimit was not enforced for a class of signals. However now it's enforced...
CBL Mariner 2.0 Security Update: php (CVE-2024-8925)
The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-8925 advisory. - In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, erroneous parsing of multipart form...
BIT-PHP-2024-8925 Erroneous parsing of multipart form data
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to...
CVE-2024-8925
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to...
CVE-2024-8925 Erroneous parsing of multipart form data
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to...
CVE-2024-8925
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to...
CVE-2024-8925
CVE-2024-8925 affects PHP multipart form data parsing via HTTP POST. Affected: PHP 8.1.x before 8.1.30, 8.2.x before 8.2.24, and 8.3.x before 8.3.12. The issue is an erroneous parsing of multipart form data that could cause the application to exhibit incorrect behavior due to data handling incons...
Medium: openssl
Issue Overview: Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected applicati...
CVE-2024-5535
Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...
OpenSSL Buffer Overread Vulnerability (20240627) - Windows
OpenSSL is prone to a buffer overread vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...
CVE-2024-3372
Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior t...
CVE-2024-3371
CVE-2024-3371 affects MongoDB Compass. Affected versions: 1.35.0–1.42.0. Root cause: insufficient validation of input from untrusted sources, enabling unintended behavior and data disclosure, with potential for attackers to impersonate users and perform MITM-style access to the channel. Public di...
Insufficient validation of external input in Compass may enable MITM attacks
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.40.5...
BIT-NODE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl
Internally libssl in OpenSSL calls X509verifycert on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for example out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO...
Published Explorer.exe and other applications close instantly after launch
When a published application such as Explorer is started, it closes instantly. Please note: this can also apply to many other applications that exhibit this behavior and not excluded to just explorer.exe. This is a built-in timer in Terminal Services which dictates if a session is not fully...
CVE-2023-26097
An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked...