
1661 matches found

BDU FSTEC
added 2024/09/06 12:0 a.m., 0 views

The vulnerability of the 389-ds-base package for Debian GNU/Linux and Red Hat Enterprise Linux systems allows a hacker to trigger a service failure.

The vulnerability of the 389-ds-base package for Debian GNU/Linux and Red Hat Enterprise Linux exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures when changing the userPassword parameter using improperly...

CVSS 5.7, EPSS 0.00076
Exploits: 0, References: 4, Affected Software: 2

Redos
added 2024/08/05 12:0 a.m., 21 views

ROS-20240805-08

A vulnerability in the golang package of the Debian GNU/Linux operating system is related to a lack of protection for service data. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information. A vulnerability in the golang package of the...

CVSS 7.5, AI score 7.9, EPSS 0.02017
Exploits: 1

Redos
added 2024/07/30 12:0 a.m., 7 views

ROS-20240730-15

A vulnerability in the dstring.c component of the Debian GNU/Linux operating system cpio package is caused by an integer overflow. Exploitation of the vulnerability could allow an attacker to cause a stack overflow via a generated file...

CVSS 7.8, AI score 7.2, EPSS 0.26333
Exploits: 1

Exploit DB
added 2024/06/26 12:0 a.m., 335 views

Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)

Exploit Title: Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS); Date: 20-06-2024; Exploit Author: Jerry Thomas w3bn00b3r; Vendor Homepage: https://automad.org; Software Link: https://github.com/marcantondahmen/automad; Category: Web Application Flat File CMS; Version: 2.0.0-alpha.4; Tested on:...

AI score 7.4
Exploits: 0

OSV
added 2024/06/07 6:32 p.m., 11 views

GHSA-8H4M-R4WM-XJ7R TYPO3 Arbitrary Code Execution via File List Module

Due to missing file extensions in `$GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern']`, backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of...

CVSS 8.8, AI score 7.1
Exploits: 0, References: 5

GitHub Security Blog
added 2024/06/07 6:32 p.m., 10 views

TYPO3 Arbitrary Code Execution via File List Module

Due to missing file extensions in `$GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern']`, backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of...

AI score 7.1
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2024/05/30 4:13 p.m., 9 views

GHSA-F9HR-7CFQ-MJG2 TYPO3 Arbitrary Code Execution via File List Module

Due to missing file extensions in `$GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern']`, backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of...

CVSS 8.8, AI score 7.1
Exploits: 0, References: 5

GitHub Security Blog
added 2024/05/30 4:13 p.m., 10 views

TYPO3 Arbitrary Code Execution via File List Module

Due to missing file extensions in `$GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern']`, backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of...

AI score 7.1
Exploits: 0, References: 5, Affected Software: 1

Redos
added 2024/04/23 12:0 a.m., 26 views

ROS-20240423-03

Vulnerability in the /krb5/src/lib/rpc/pmaprmt.c component of the Kerberos network protocol implementation is related to memory freeing errors. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service. Vulnerability in component...

CVSS 7.5, AI score 6.6, EPSS 0.0025
Exploits: 3

Redos
added 2024/04/22 12:0 a.m., 19 views

ROS-20240422-05

The golang package vulnerability is related to errors returned from MarshalJSON methods containing user-controlled data. Exploitation of the vulnerability could allow a remote attacker to exploit these errors to disrupt the contextual behavior of the automatic output of the packag...

CVSS 7.5, AI score 7.5, EPSS 0.64852
Exploits: 1

BDU FSTEC
added 2024/03/15 12:0 a.m., 0 views

The vulnerability of the golang package in the Debian GNU/Linux operating system, which allows a perpetrator to access confidential information

The vulnerability of the golang package in the Debian GNU/Linux operating system is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information remotely...

CVSS 3.1, EPSS 0.00615
Exploits: 0, References: 11, Affected Software: 3

BDU FSTEC
added 2024/03/15 12:0 a.m., 0 views

The vulnerability of the golang package in the Debian GNU/Linux operating system, which allows an attacker to trigger a Denial-of-Service Attack (DoS).

The vulnerability of the golang package in the Debian GNU/Linux operating system is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to trigger a Denial-of-Service Attack (DoS)...

CVSS 7.8, EPSS 0.00491
Exploits: 0, References: 10, Affected Software: 3

BDU FSTEC
added 2023/12/08 12:0 a.m., 0 views

The vulnerability of the Tor browser for the Debian GNU/Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the Tor browser for the Debian GNU/Linux operating system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

CVSS 7.8, AI score 5.5
Exploits: 0, References: 3, Affected Software: 1

Huntr
added 2023/10/08 5:4 a.m., 23 views

Heap OOB Read

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the latest release as of 10/08/23 the current master branch at commit 50c2ab06f45a3101d73d6f317e98f041809f4923 . Description This AddressSanitizer output is indicating an OOB read of inval...

CVSS 3.3, AI score 6.8, EPSS 0.00021
Exploits: 1

Huntr
added 2023/10/02 2:3 p.m., 32 views

Heap BoF in trunc_string()

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the master branch as of 09/25 at commit 6ee7b521fa7531ef356ececc8be7575c3800f872 . Description Heap BoF in the file /src/message.c in the function trunc_string at line 356. Snippet c bufe -...

CVSS 5, AI score 6.9, EPSS 0.00057
Exploits: 1

Huntr
added 2023/10/01 6:8 p.m., 27 views

CWE-476 leads to potential OOB Read

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the master branch as of 09/25 at commit f109bf93c9402e4e3122a7ae7846e6feae4fa222 . Description This AddressSanitizer output is indicating an OOB read that is semi-controllable, but is...

CVSS 1.9, AI score 6.6, EPSS 0.0003
Exploits: 1

BDU FSTEC
added 2023/06/26 12:0 a.m., 1 views

The vulnerability in the implementation of the Kerberos network protocol on Debian GNU/Linux, Red Hat Enterprise Linux, Ubuntu, Fedora, and Alt 8 SP operating systems allows a perpetrator to cause a service failure.

The vulnerability of the Kerberos network protocol implementation in Debian GNU/Linux, Red Hat Enterprise Linux, Ubuntu, Fedora, and Alt 8 SP is related to uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

CVSS 7.8, EPSS 0.00955
Exploits: 0, References: 18, Affected Software: 13

Huntr
added 2023/05/29 4:23 p.m., 22 views

OOB read from unchecked return

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the latest release as of 05/29/23 the current master branch at commit 4f810869b06b5d7b0cb73d166864dfb4b1e900f6 . Description This AddressSanitizer output is indicating a read on an unknown...

CVSS 3.2, AI score 6.9, EPSS 0.00065
Exploits: 1

Huntr
added 2023/05/26 5:17 a.m., 27 views

OOB Write ops.c

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the master branch at commit 50809a45ebde327cb6fdcc727d7466e926aed713 . Description This AddressSanitizer output is indicating a write to the 0x7fd0c2103000 address, this is because the...

CVSS 4.4, AI score 6.8, EPSS 0.00027
Exploits: 1

Huntr
added 2023/05/18 6:5 a.m., 17 views

Divide By Zero FPE

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Release: n/a Codename: bookworm Version I checked against the latest release as of 05/18/23 the current master branch at commit a6ae93532ea5615c876c81a6580badbfa01d4383 . Description This AddressSanitizer output is...

CVSS 5, AI score 6.7, EPSS 0.00241
Exploits: 1