2563 matches found
CVE-2022-35252
When curl is used to retrieve and parse cookies from an HTTPS server, it accepts cookies using control codes that, when later sent back to an HTTP server, might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings...
AZL-11046 CVE-2022-35252 affecting package curl for versions less than 7.86.0-1
When curl is used to retrieve and parse cookies from an HTTPS server, it accepts cookies using control codes that, when later sent back to an HTTP server, might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings...
ALPINE-CVE-2022-35252
When curl is used to retrieve and parse cookies from an HTTPS server, it accepts cookies using control codes that, when later sent back to an HTTP server, might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings...
DEBIAN-CVE-2022-35252
When curl is used to retrieve and parse cookies from an HTTPS server, it accepts cookies using control codes that, when later sent back to an HTTP server, might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings...
WordPress Backup Scheduler plugin <= 1.5.13 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Lana Codes in WordPress Backup Scheduler plugin versions <= 1.5.13. Solution: Deactivate and delete. This plugin has been closed as of September 19, 2022 and is not available for download. This closure is temporary, pending a full review...
Arbitrary Code Execution
d8s-urls is vulnerable to arbitrary code execution. The vulnerability exists because the democritus-networking package of a specific version of d8s-urls acts as a potential third-party code execution backdoor which allows an attacker to inject and execute malicious code into the system...
WordPress WP Custom Cursors plugin <= 3.0 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Lana Codes in WordPress WP Custom Cursors plugin versions <= 3.0. Solution: Update the WordPress WP Custom Cursors plugin to the latest available version (at least 3.0.1)...
Arbitrary Code Execution
d8sstrings is vulnerable to arbitrary code execution. The vulnerability exists because the democritus-hypothesis package of a specific version of d8sstrings acts as a potential code execution backdoor which allows an attacker to inject and execute malicious code into the system...
Arbitrary Code Execution
d8sipaddresses is vulnerable to arbitrary code execution. The vulnerability exists because the democritus-networking package of a specific version of d8s-archives acts as a potential code execution backdoor which allows an attacker to inject and execute malicious code into the system...
Arbitrary Code Execution
d8sutility is vulnerable to arbitrary code execution. The vulnerability exists because the democritus-networking package of a specific version of d8sutility acts as a potential code execution backdoor which allows an attacker to inject and execute malicious code into the system...
GHSA-54QX-8P8W-XHG8 SFTPGo vulnerable to recovery codes abuse
Impact: SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, SFTPGo also supports recovery codes. These are a set of one time use codes tha...
SFTPGo vulnerable to recovery codes abuse
Impact: SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, SFTPGo also supports recovery codes. These are a set of one time use codes tha...
Information Disclosure
github.com/containers/podman is vulnerable to Information Disclosure. The vulnerability exists in multiple functions due to improper handling of supplementary groups in the Podman container engine, which allows an attacker to gain access to containers and execute arbitrary code...
GHSA-GGF6-638M-VQMG Netmaker vulnerable to Insufficient Granularity of Access Control
Impact: Improper authorization functions lead to non-privileged users running privileged API calls. If you have added users to your Netmaker platform who should not have admin privileges, they could use their auth token to run admin-level functions via the API. In addition, differing response cod...
SuiteCRM authenticated SQL injection in export functionality
This module exploits an authenticated SQL injection in SuiteCRM in versions before 7.12.6. The vulnerability allows an authenticated attacker to send specially crafted requests to the export entry point of the application in order to retrieve all the usernames and their associated password from t...
PT-2022-5018 · WordPress · Wp 2Fa
Name of the Vulnerable Software and Affected Versions: WP 2FA WordPress plugin, versions prior to 2.3.0. Description: The issue exists due to the use of comparison operators that do not mitigate time-based attacks, potentially allowing a remote attacker to leak information about authentication code...
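The timing weakness this entry describes (a comparison that stops at the first mismatching byte) is easiest to see by counting the work the comparison does rather than timing it. The block below is an added example and is not the WP 2FA plugin's code; the six-digit code and the guesses are constructed, and the instrumented comparison exists only to make the leak visible. The hardened version uses Python's hmac.compare_digest, which is the standard-library constant-time primitive.

```python
"""Naive vs constant-time comparison of a one-time authentication code.

Added example, not the WP 2FA plugin's code. A byte-by-byte compare that
returns at the first mismatch does work proportional to the length of the
correct prefix, which is the side channel the advisory describes. The
instrumented compare counts bytes examined so the dependence is visible
without timing noise; the hardened version uses hmac.compare_digest.
"""
import hmac
from typing import Dict, Iterable, Tuple


def naive_equals(expected: str, supplied: str) -> Tuple[bool, int]:
    """Early-exit comparison (the weak pattern). Returns (equal, bytes_examined).

    A length mismatch returns immediately, and a byte mismatch returns as soon
    as it is found, so bytes_examined equals the position of the first
    mismatch, or the full length when the code is right.
    """
    if len(expected) != len(supplied):
        return False, 0
    examined = 0
    for a, b in zip(expected.encode(), supplied.encode()):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_equals(expected: str, supplied: str) -> bool:
    """Hardened comparison whose running time does not depend on where the
    first mismatch occurs."""
    return hmac.compare_digest(expected.encode(), supplied.encode())


def prefix_leak(expected: str, guesses: Iterable[str]) -> Dict[str, int]:
    """Map each guess to the number of bytes the naive compare examined.

    An attacker measuring response time sees this number grow as the guessed
    prefix becomes correct, which lets the code be recovered digit by digit
    instead of by brute-forcing the whole space.
    """
    return {g: naive_equals(expected, g)[1] for g in guesses}


# Constructed sample: a six-digit TOTP-style code and guesses that share
# progressively longer correct prefixes with it.
EXPECTED_CODE = "493817"
GUESSES = ["000000", "400000", "490000", "493000", "493800", "493810", "493817"]

if __name__ == "__main__":
    for guess, n in prefix_leak(EXPECTED_CODE, GUESSES).items():
        print(f"{guess}: naive compare examined {n} byte(s)")
    print("constant-time:", constant_time_equals(EXPECTED_CODE, "493817"))
```

Each extra correct leading digit costs the naive compare one more iteration, so the counts climb 1, 2, 3, 4, 5 before reaching 6 for the last two guesses (a mismatch in the final digit and a full match both examine all six bytes). The constant-time version gives no such gradient; when a code is stored hashed, compare the hashes the same way.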
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...
OESA-2022-1908 curl security update
cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols. Security Fixes: When curl is used to retrieve and parse cookies from an HTTPS server, it accepts cookies using control codes (byte values below 32). When cookies...
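The cookie weakness covered by the CVE-2022-35252 entries above and by this curl update is a parsing check: a cookie whose name or value carries control codes should not be stored, because replaying it to another host on the same domain draws a 400 response from that host. The block below is an added example, not curl's or any distribution's code. It parses a few constructed Set-Cookie headers and keeps only those free of control bytes; treating 0x7f (DEL) as a control code is this example's choice and goes slightly beyond the "below 32" wording of the advisory.

```python
"""Reject cookies that contain control codes before they reach a cookie jar.

Added example, not curl's own code. The filter mirrors the behaviour the
advisory describes for fixed curl versions: a cookie whose name or value
carries a control byte is dropped instead of being replayed to other hosts.
"""
from typing import Dict, List, Optional, Tuple


def has_control_code(s: str) -> bool:
    """True if any character is an ASCII control code (0x00-0x1f) or DEL (0x7f).

    Including 0x7f is this example's choice; the advisory speaks of bytes
    below 32.
    """
    return any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in s)


def parse_set_cookie(header: str) -> Optional[Tuple[str, str]]:
    """Return (name, value) from a Set-Cookie header value, or None if the
    header has no name=value pair. Attributes after the first ';' (Path,
    Domain, ...) are ignored here. Only space and tab are trimmed, so a
    control byte at either end of the value is still detected.
    """
    pair = header.split(";", 1)[0]
    if "=" not in pair:
        return None
    name, value = pair.split("=", 1)
    name, value = name.strip(" \t"), value.strip(" \t")
    if not name:
        return None
    return name, value


def accept_cookies(headers: List[str]) -> Tuple[Dict[str, str], List[str]]:
    """Split incoming Set-Cookie headers into an accepted jar and the raw
    headers that were rejected. A cookie is rejected when it is malformed or
    when either side of the name=value pair carries a control code.
    """
    jar: Dict[str, str] = {}
    rejected: List[str] = []
    for h in headers:
        parsed = parse_set_cookie(h)
        if parsed is None:
            rejected.append(h)
            continue
        name, value = parsed
        if has_control_code(name) or has_control_code(value):
            rejected.append(h)
            continue
        jar[name] = value
    return jar, rejected


def cookie_header(jar: Dict[str, str]) -> str:
    """Serialise the jar into the Cookie request header a client would send."""
    return "; ".join(f"{k}={v}" for k, v in jar.items())


# Constructed sample: a legitimate session cookie, a cookie from a "sister"
# site on the same registrable domain that smuggles a CR LF pair into its
# value, and one with a NUL byte in its name.
SAMPLE_HEADERS = [
    "session=abc123; Path=/; Secure; HttpOnly",
    "pref=dark\r\nX-Injected: 1; Domain=example.com",
    "na\x00me=value",
]

if __name__ == "__main__":
    jar, rejected = accept_cookies(SAMPLE_HEADERS)
    print("Cookie:", cookie_header(jar))
    for r in rejected:
        print("rejected:", repr(r))
```

With the unfixed behaviour the second header would have been stored and sent as part of the Cookie header to every sibling host in example.com; with the filter only session=abc123 survives. The same check belongs in any client-side cookie store, not only curl's.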
PT-2022-5838 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw in the Linux kernel may cause a denial of service if consecutive requests of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are made through the device file of the driver,...