CVE-2023-41899
Home Assistant Core vulnerability CVE-2023-41899: a partial SSRF in the hassio.addon_stdin service allows an attacker who can call that service (e.g., via GHSA-h2jp-7grc-9xpp) to invoke any Supervisor REST API endpoint through a POST request. An attacker exploiting this can control the data dictionary...
CVE-2023-41899 Partial Server-Side Request Forgery in Home Assistant Core
Home Assistant is an open source home automation platform. In affected versions the hassio.addon_stdin service is vulnerable to a partial Server-Side Request Forgery: an attacker capable of calling this service (e.g. through GHSA-h2jp-7grc-9xpp) may be able to invoke any Supervisor REST API endpoint with a PO...
CVE-2023-41898 Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android
Home Assistant is an open source home automation platform. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential...
CVE-2023-44385 Client-Side Request Forgery in Home Assistant iOS/macOS native Apps
The Home Assistant Companion for iOS and macOS apps up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QR codes to victims that, when visited, will make the victim call arbitrary services in their Home Assistant installation. Combined with this...
CVE-2023-43662
ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...
CVE-2023-43662
ShokoServer exposes the /api/Image/WithPath endpoint without authentication in affected versions, passing serverImagePath to System.IO.File.OpenRead without sanitization, enabling arbitrary file reads via a path-traversal/LFI pattern. This can leak sensitive server files, particularly when the Wi...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 4 security fixes: 1452137 High CVE-2023-3420: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-06-07 1447568 High CVE-2023-3421: Use after free in Media. Reported by Piotr Bania of Cisco Talos on 2023-05-22 1450397 High...
GitHub Security Lab: [Python] Unsafe Unpacking and TarSlip bug slaying
Vulnerability description not provided...
GitHub Security Lab: cpp: if (a+b>c) a=c-b is incorrect if a+b overflows
Vulnerability description not provided...
GitHub Security Lab: JavaScript: Add some new XSS sinks and sources of Next.js (and some extra improvements)
Vulnerability description not provided...
Debian dla-3442 : jupyter-nbconvert - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3442 advisory. Debian LTS Advisory DLA-3442-1 [email protected] https://www.debian.org/lts/security/...
GitHub Security Lab: [Python] Add Unicode Bypass Validation query tests and help
Vulnerability description not provided...
GitHub Security Lab: [python]: Add some dangerous sinks for paramiko ssh clients
Vulnerability description not provided...
GitHub Security Lab: CPP: Add query for CWE-369: Divide By Zero.
Vulnerability description not provided...