CVE-2023-25562 Failure to Invalidate Session on Logout in DataHub
DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45, session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the AuthUtils.hasValidSessionCookie method could be bypassed by using a cookie from a logged out...
GitHub Security Lab: [CPP]: Add query for CWE-805: Buffer Access with Incorrect Length Value using some functions
Vulnerability description not provided...
CVE-2023-23619
Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue...
CVE-2023-23619
The CVE-2023-23619 vulnerability affects @asyncapi/modelina (Modelina) prior to version 1.0.0. It enables code injection through default presets or when users do not handle rendering themselves. The issue is partially mitigated in 1.0.0, per GHSA guidance: if you only access constrained models, t...
CVE-2023-23619 Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina
Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue...
CVE-2023-0440 Observable Discrepancy in healthchecks/healthchecks
Observable Discrepancy in GitHub repository healthchecks/healthchecks prior to v2.6...
CVE-2023-0301 Cross-site Scripting (XSS) - Stored in alfio-event/alf.io
Cross-site Scripting XSS - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301...
CVE-2023-0107 Cross-site Scripting (XSS) - Stored in usememos/memos
Cross-site Scripting XSS - Stored in GitHub repository usememos/memos prior to 0.10.0...
Input validation
Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1...
CVE-2022-4801 Insufficient Granularity of Access Control in usememos/memos
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1...
CVE-2020-36561 Path traversal in github.com/yi-ge/unzip
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
CVE-2022-4695
Cross-site Scripting XSS - Stored in GitHub repository usememos/memos prior to 0.9.0...
GitHub Security Lab: [Go]: Add Beego.Input.RequestBody source to Beego framework
Vulnerability description not provided...
Fedora 36 : capnproto / fastnetmon / librime / rr / sonic-visualiser (2022-5d37367673)
The remote Fedora 36 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2022-5d37367673 advisory. Update capnproto to version 0.9.2 to address CVE-2022-46149. Dependent packages were rebuilt for both the fix for the security issue and the capnproto SONAME...
CVE-2022-46149
Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proto prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2, are vulnerable to out-of-bounds read due to logic error...
CVE-2022-46149 Cap'n Proto vulnerable to out-of-bounds read due to logic error handling list-of-list.
Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proto prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2, are vulnerable to out-of-bounds read due to logic error...
CVE-2022-46149
CVE-2022-46149 affects Cap'n Proto and its Rust crate. The vulnerability is an out-of-bounds read caused by logic errors when handling a list-of-pointer type, which can lead to a remote segfault and, with additional actions, memory exfiltration. The issue is present in inlined code and requires r...
GitHub Security Lab: [CPP]Add query to detect bugs like CVE-2017-5123
Vulnerability description not provided...