4421 matches found
Information Disclosure
@backstage/techdocs-common is vulnerable to information disclosure. An attacker is able bypass sanitization by uploading documentation content with malicious scripts that would normally be sanitized by the TechDocs frontend, but by tricking a user to visit the content via the TechDocs API, the...
Cross-site Scripting (XSS)
Backstage is vulnerable to cross-site scripting. An attacker is able to inject malicious script by embedding the script within an object element of uploaded documentation content, allowing the malicious script to get executed when the same documentation page is visited or the malicious object...
Monstra CMS 3.0.4 Remote Code Execution
Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution Authenticated Date: 03.06.2021 Exploit Author: Ron Jost hacker5preme Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: Ubuntu 20.04 CVE: CVE-2018-6383 Documentation:...
CVE-2021-32662
In CVE-2021-32662, the npm package @backstage/techdocs-common (versions before 0.6.3) is affected by a path traversal vulnerability via mkdocs.yml: an attacker who can modify docs_dir in the documentation source and access the TechDocs backend could read sensitive files from the build environment...
CVE-2021-32662 TechDocs mkdocs.yml path traversal
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In @backstage/techdocs-common versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is buil...
[SECURITY] Fedora 33 Update: python-pillow-7.2.0-6.fc33
Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt , devel developme...
CVE-2020-11978
creationtimestamp| type| source ---|---|--- 2021-06-03 00:39:25+00:00| seen| https://t.me/pwnwikizhchannel/579 2023-06-14 21:10:04+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2023-09-18 22:16:38+00:00| seen|...
Violation of implicit constraints in batched operations may break protocol assumptions
Handle 0xRajeev Vulnerability details Impact The Ladle batching of operations is a complex task as noted by the project lead which has implicit constraints on what operations can be bundled together in a batch, which operations can/have-to appear how many times and in what order/sequence etc. Som...
GetSimple CMS 3.3.4 - Information Disclosure
Exploit Title: GetSimple CMS 3.3.4 - Information Disclosure Date 01.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: http://get-simple.info/ Software Link: https://github.com/GetSimpleCMS/GetSimpleCMS/archive/refs/tags/v3.3.4.zip Version: 3.3.4 CVE: CVE-2014-8722 Documentation:...
DEBIAN-CVE-2021-3509
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The...
UBUNTU-CVE-2021-3509
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The...
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords
KL-001-2021-003: CommScope Ruckus IoT Controller Hard-coded System Passwords Title: CommScope Ruckus IoT Controller Hard-coded System Passwords Advisory ID: KL-001-2021-003 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-003.txt 1. Vulnerabilit...
CVE-2020-25634
A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected...
[SECURITY] Fedora 34 Update: composer-2.0.13-1.fc34
Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...
Red Hat 访问控制错误漏洞
Red Hat is an operating system from the American company Red Hat, Inc. It provides an open source operating system. A security vulnerability exists in the API documentation URL for Red Hat 3scale, which stems from access without credentials. An attacker could use the vulnerability to view sensiti...
PT-2021-11165 · Red Hat · Red Hat 3Scale
Name of the Vulnerable Software and Affected Versions: Red Hat 3scale versions prior to 3scale-2.10.0-ER1 Description: A flaw was found in Red Hat 3scale’s API documentation URL, allowing access without credentials. This issue enables an attacker to view sensitive information or modify service...
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0391
An update of 'libmspack', 'gnutls', 'bindutils' packages of Photon OS has been released...
raptor2 security and bug fix update
2.0.15-16 - Resolves: rhbz1900904 CVE-2020-25713 raptor2: malformed input file can lead to a segfault 2.0.15-15 - Resolves: rhbz1896534 CVE-2017-18926 raptor: heap-based buffer overflow 2.0.15-14 - Resolves: rhbz1896340 Suppress documentation in Flatpak builds...
Moderate: Red Hat Security Advisory: Release of OpenShift Serverless 1.14.1 security update
An update for openshift-serverless-1-kn-cli-artifacts-rhel8-container, openshift-serverless-1-knative-rhel8-operator-container, and openshift-serverless-1-serverless-operator-bundle-container is now available for Openshift Serveless 1.14. Red Hat Product Security has rated this update as having a...
SQLFluff - A SQL Linter And Auto-Formatter For Humans
SQLFluff is a dialect-flexible and configurable SQL linter. Designed with ELT applications in mind, SQLFluff also works with jinja templating and dbt. SQLFluff will auto-fix most linting errors, allowing you to focus your time on what matters. Getting Started To get started, install the package a...