14 matches found
CVE-2023-0771
SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop...
UBUNTU-CVE-2021-3991
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions...
PT-2024-11006 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr versions prior to the 'develop' branch Dolibarr versions prior to 15.0.0 Dolibarr versions prior to 63cd063 Description: An Improper Authorization issue exists, allowing a user with restricted permissions in the 'Reception' section t...
GHSA-M4GQ-X24J-JPMF Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify
The following bundled files within the Mermaid NPM package contain a bundled version of DOMPurify that is vulnerable to https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674, potentially resulting in an XSS attack. This affects the built: - dist/mermaid.min.js -...
CVE-2023-48229 Out-of-bounds write in the radio driver for Contiki-NG nRF platforms
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the readframe function in...
CVE-2023-30546 Contiki-NG has off-by-one error in Antelope DBMS
Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System CFS backend for the storage of data file...
CVE-2023-28116 Buffer overflow in L2CAP due to misconfigured MTU
Contiki-NG is an open-source, cross-platform operating system for internet of things IoT devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer packetbuf for processing o...
Installers generated by Squirrel.Windows may insecurely load Dynamic Link Libraries
Overview Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427...
GHSA-GCJF-29M9-888Q PaddlePaddle vulnerable to Code Injection
Code injection in paddle.audio.functional.getwindow in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. A patch is available on the develop branch of the repository and anticipated to be part of a 2.4 release...
PaddlePaddle vulnerable to Code Injection
Code injection in paddle.audio.functional.getwindow in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. A patch is available on the develop branch of the repository and anticipated to be part of a 2.4 release...
Cockpit Content Platform vulnerable to 2FA bypass
Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication 2FA bypass. The 2FA secret is disclosed in a JWT token after user logs into their account, allowing an attacker to bypass the 2FA code. A patch is available on the develop branch and is expected to be part...
Privilege escalation in easyappointments
The Easy!Appointments API authorization is checked against the user's existence, without validating the permissions. As a result, a low privileged user eg. provider can create a new admin user via the "/api/v1/admins/" endpoint and take over the system. A patch is available on the develop branch ...
PYSEC-2020-268
In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...
Information disclosure
In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...