44 matches found
EUVD-2023-1024
Malicious code in bioql PyPI...
EUVD-2023-0895
Malicious code in bioql PyPI...
EUVD-2023-0981
Malicious code in bioql PyPI...
EUVD-2023-0942
Malicious code in bioql PyPI...
CVE-2022-48367
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled...
CVE-2022-48365
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges...
CVE-2022-48366
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack...
CVE-2021-46875
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file...
GHSA-9J39-4686-M3C4 Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Impact: File validation can be configured to reject certain files by file type. When this happens, validation fails, and the content can't be published. However, the file can be saved when saving the content draft. This means unwanted files can be present in storage, even if they are not easily...
GHSA-MWVH-P3HX-X4GG Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Impact: File validation can be configured to reject certain files by file type. When this happens, validation fails, and the content can't be published. However, the file can be saved when saving the content draft. This means unwanted files can be present in storage, even if they are not easily...
GHSA-C737-JHWR-FQXJ Duplicate Advisory: Cross Site Scripting in eZ Platform Ibexa Kernel
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-mrvj-7q4f-5p42. This link is maintained to preserve external references. Original Description: Impact: In file upload it is possible by certain means to upload files like .html and .js. These may contain XSS...
GHSA-89P3-9J8C-FQH4 Duplicate Advisory: User account enumeration in eZ Publish Ibexa Kernel
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-gmrf-99gw-vvwj. This link is maintained to preserve external references. Original Description: This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open...