184 matches found
OESA-2025-1818 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...
OESA-2025-1817 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...
OESA-2025-1815 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...
OESA-2025-1706 apache-commons-fileupload security update
The javax.servlet package lacks support for RFC-1867, HTML file upload. This package provides a simple to use API for working with such data. The scope of this package is to create a package of Java utility classes to read multipart/form-data within a javax.servlet.http.HttpServletRequest. Securi...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing multipart headers. An attacker can exhaust system resources by sending malicious requests with excessively large individual multipart headers. Remediation Upgrade...
DEBIAN-CVE-2025-48976
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fi...
Fixing 7,400 Bugs for 1$: Cheap Crash-Site Program Repair
The rapid advancement of bug-finding techniques has led to the discovery of more vulnerabilities than developers can reasonably fix, creating an urgent need for effective Automated Program Repair APR methods. However, the complexity of modern bugs often makes precise root cause analysis difficult...
CVE-2023-50029
PHP Injection vulnerability in the module "M4 PDF Extensions" m4pdf up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate method...
CVE-2023-40193
Deco M4 firmware versions prior to 'Deco M4JPV21.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands...
CVE-2023-2260
Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-2258
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
MAL-2025-3185 Malicious code in esy-m4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d50f3c1994b8efe53e778d8ba331e1ceec48993b57b0fc3f279eb3f4b9dea361 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Linux Distros Unpatched Vulnerability : CVE-2008-1688
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames...
Linux Distros Unpatched Vulnerability : CVE-2008-1687
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent...
CVE-2024-25634
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events. Version 2.0-M4-2402 fixes this issue...
CVE-2024-37389 Apache NiFi: Improper Neutralization of Input in Parameter Context Description
Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client...
CVE-2023-50029
PHP Injection vulnerability in the module "M4 PDF Extensions" m4pdf up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate method...
CVE-2023-50029
CVE-2023-50029 affects PrestaShop’s M4 PDF Extensions (m4pdf) module up to version 3.3.2 by PrestaAddons. The vulnerability allows PHP injection through M4PDF::saveTemplate(), enabling arbitrary code execution. Documented impact is critical (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). No expl...
PT-2024-13851 · Prestashop · Prestashop M4 Pdf Extensions Module
Name of the Vulnerable Software and Affected Versions: PrestaShop M4 PDF Extensions module versions up to 3.3.2 Description: The issue allows attackers to run arbitrary code via the M4PDF::saveTemplate method, potentially leading to code injection attacks. This could enable malicious activities,...
CVE-2023-50029
PHP Injection vulnerability in the module "M4 PDF Extensions" m4pdf up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate method...