
15 matches found

NVD
added 2025/11/07 6:15 p.m. · 2 views

CVE-2025-57697

AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function encodeimagebs64. Since the encodeimagebs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...

CVSS 6.5 · EPSS 0.00086
Exploits 1 · References 1
Positive Technologies
added 2024/07/23 12:0 a.m. · 2 views

PT-2024-29030 · Openstack +2 · Openstack Nova +2

Name of the Vulnerable Software and Affected Versions: OpenStack Nova versions prior to 29.1.1
Description: A medium severity issue affects OpenStack Nova, where crafted image paths can expose sensitive data, potentially leading to data theft risk.
Recommendations: For OpenStack Nova versions pri...

CVSS 6.5 · AI score 6.7 · EPSS 0.00835
Exploits 1 · References 25
Positive Technologies
added 2024/07/09 12:0 a.m. · 1 views

PT-2024-4855 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows versions 7 through 11 affected versions not specified
Description: A spoofing vulnerability exists within the Windows Themes component, potentially allowing attackers to steal NTLM credentials. The vulnerability is related to the...

CVSS 7.8 · AI score 9 · EPSS 0.67469
Exploits 0 · References 29
OSV
added 2022/12/15 12:20 p.m. · 7 views

SUSE-SU-2022:4501-1 Security update for ceph

This update for ceph fixes the following issues:
ceph was updated to the Pacific release 16.2.9-536-g41a9f9a5573:
+ bsc1195359, bsc1200553 rgw: check bucket shard init status in RGWRadosBILogTrimCR
+ bsc1194131 ceph-volume: honour osddmcryptkeysize option CVE-2021-3979
+ bsc1200064, Remove last...

CVSS 6.5 · AI score 6.5 · EPSS 0.00275
Exploits 0 · References 12
OSV
added 2022/08/16 10:48 a.m. · 6 views

SUSE-SU-2022:2818-1 Security update for ceph

This update for ceph fixes the following issues:
- Update to 16.2.9-536-g41a9f9a5573:
  + bsc1195359, bsc1200553 rgw: check bucket shard init status in RGWRadosBILogTrimCR
  + bsc1194131 ceph-volume: honour osddmcryptkeysize option CVE-2021-3979
- Update to 16.2.9-158-gd93952c7eea:
  + cmake: check for...

CVSS 6.5 · AI score 6.7 · EPSS 0.00275
Exploits 0 · References 8
Veracode
added 2022/03/21 5:39 a.m. · 19 views

Bypass Restriction

HashiCorp Nomad and Nomad Enterprise with the QEMU task driver enabled is vulnerable to bypass restriction. It allows authenticated users with job submission capabilities to bypass the configured allowed image paths...

CVSS 8.8 · AI score 3 · EPSS 0.00649
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2022/02/28 12:0 a.m. · 2 views

WordPress plugin Yoast SEO information disclosure vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. An information disclosure vulnerability exists in versions of the WordPress Yoast SEO plugin prior to...

CVSS 5.3 · AI score 5.7 · EPSS 0.3533
Exploits 1 · References 3
ATTACKERKB
added 2022/02/18 6:15 p.m. · 2 views

CVE-2022-25336

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced...

CVSS 5.3 · AI score 6 · EPSS 0.00191
Exploits 0 · References 2
RedhatCVE
added 2022/01/12 11:22 p.m. · 34 views

CVE-2021-43415

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...

CVSS 8.8 · AI score 3.5 · EPSS 0.00649
Exploits 0 · References 3
Github Security Blog
added 2021/12/10 8:17 p.m. · 24 views

Improper Authentication in HashiCorp Nomad

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...

CVSS 8.8 · AI score 4.2 · EPSS 0.00649
Exploits 0 · References 4 · Affected Software 1
OSV
added 2021/12/10 8:17 p.m. · 16 views

GHSA-2JHH-5XM2-J4GF Improper Authentication in HashiCorp Nomad

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...

CVSS 8.8 · AI score 8.3 · EPSS 0.00649
Exploits 0 · References 4
UbuntuCve
added 2021/12/03 10:15 p.m. · 17 views

CVE-2021-43415

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...

CVSS 8.8 · AI score 7.2 · EPSS 0.00649
Exploits 0 · References 3
Prion
added 2021/12/03 10:15 p.m. · 30 views

Design/Logic Flaw

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...

CVSS 6 · AI score 8.4 · EPSS 0.00649
Exploits 0 · References 2 · Affected Software 1
CVE
added 2021/12/03 9:20 p.m. · 85 views

CVE-2021-43415

CVE-2021-43415 affects HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0 when the QEMU task driver is enabled. Authenticated users with job submission capabilities could bypass the configured allowed image paths due to the underlying issue in the QEMU task driver handling. Fixed...

CVSS 8.8 · AI score 8.2 · EPSS 0.00649
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2021/12/03 12:0 a.m. · 2 views

PT-2021-23842 · Hashicorp · Nomad Enterprise +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 1.0.13 and earlier, 1.1.7 and earlier, 1.2.0 and earlier
Description: The issue allowed authenticated users with job submission capabilities to bypass the configured allowed image paths when the...

CVSS 8.8 · AI score 6.9 · EPSS 0.00649
Exploits 0 · References 12