CVE-2023-35870
When creating a journal entry template in SAP S/4HANA Manage Journal Entry Template - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a standard template...
CLSA-2023-1689010064 Fix CVE(s): CVE-2022-29885
SECURITY UPDATE: EncryptInterceptor only provides partial protection on untrusted network - debian/patches/CVE-2022-29885.patch: Update the documentation to state that the EncryptInterceptor does not provide sufficient protection to run Tomcat clustering over an untrusted network. - CVE-2022-2988...
CLSA-2023-1689009963 Fix CVE(s): CVE-2022-29885
SECURITY UPDATE: EncryptInterceptor only provides partial protection on untrusted network - debian/patches/CVE-2022-29885.patch: Update the documentation to state that the EncryptInterceptor does not provide sufficient protection to run Tomcat clustering over an untrusted network. - CVE-2022-2988...
RUSTSEC-2023-0027 TLS certificate common name validation bypass
The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...
CVE-2023-1570
A vulnerability, which was classified as problematic, has been found in syoyo tinydng. Affected by this issue is the function __interceptor_memcpy of the file tiny_dng_loader.h. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been...
syoyo tinydng Security Vulnerability
syoyo tinydng is a loader and writer library by the individual developer Syoyo Fujita. A security vulnerability exists in syoyo tinydng, which stems from a problem with the function __interceptor_memcpy in the file tiny_dng_loader.h, which can lead to a heap-based buffer overflow...
PT-2023-17086 · Unknown · Syoyo Tinydng
Name of the Vulnerable Software and Affected Versions: syoyo tinydng, affected versions not specified. Description: A problematic issue has been found, affecting the __interceptor_memcpy function of the file tiny_dng_loader.h. This leads to a heap-based buffer overflow. Local access is required for a...
SUSE CVE-2011-3923
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands...
SUSE CVE-2012-0392
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...
SUSE CVE-2012-0393
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object...
SUSE CVE-2014-0116
CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...
SUSE CVE-2022-27416
Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free...
SUSE CVE-2022-29885
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide...
SUSE CVE-2022-32091
MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc...
CVE-2023-22798
Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites...
WP-Ban < 1.69.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC 1. Go to the plugin settings and set these...
WP-Ban < 1.69.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Go to the plugin settings and set these fields...
The vulnerability of the CookieInterceptor class implementation in the Apache Struts software platform allows a hacker to execute arbitrary code.
The vulnerability of the CookieInterceptor class implementation in the Apache Struts software platform is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary code using a specially created HTTP cookie header...
The vulnerability of the ParametersInterceptor class implementation in the Apache Struts software platform allows attackers to compromise the integrity of the protected information.
The vulnerability of the ParametersInterceptor class implementation in the Apache Struts software platform is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to manipulate the integrity of protected information by using a class parameter passed t...
The vulnerability in the implementation of the OGNL expression transformation class for XWork command structures on the Apache Struts software platform allows attackers to circumvent security restrictions and execute arbitrary commands.
The vulnerability of the OGNL expression transformation class implementation in the XWork expression structure of the Apache Struts software framework is related to deficiencies in access control when using the ParametersInterceptor class with the parameter. Exploiting this vulnerability allows a...