20 matches found
CVE-2021-39172
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. This issue was addresse...
CVE-2024-42332 New line injection in Zabbix SNMP traps
The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attac...
CVE-2024-42332 New line injection in Zabbix SNMP traps
The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attac...
GHSA-9JXW-CFRH-JXQ6 Cachet vulnerable to new line injection during configuration edition
Impact Authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. Patches This issue was addressed by improving UpdateConfigCommandHandler and preventi...
Cachet vulnerable to new line injection during configuration edition
Impact Authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. Patches This issue was addressed by improving UpdateConfigCommandHandler and preventi...
CVE-2021-39172
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. This issue was addresse...
CVE-2021-39172
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. This issue was addresse...
Design/Logic Flaw
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. This issue was addresse...
CVE-2021-39172
Cachet (open source status page system) prior to version 2.5.1 is vulnerable to a new line injection in the configuration edition feature (e.g., mail settings) that allows authenticated users, regardless of privilege, to achieve arbitrary code execution on the server. Root cause: insertion of new...
CVE-2021-39172 New line injection during configuration edition
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. This issue was addresse...
OPENSUSE-SU-2021:0754-1 Security update for exim
This update for exim fixes the following issues: Exim was updated to exim-4.94.2 security update boo1185631 CVE-2020-28007: Link attack in Exim's log directory CVE-2020-28008: Assorted attacks in Exim's spool directory CVE-2020-28014: Arbitrary PID file creation CVE-2020-28011: Heap buffer overfl...
Security update for exim (critical)
openSUSE Security Update: Security update for exim Announcement ID: openSUSE-SU-2021:0754-1 Rating: critical References: 1079832 1171490 1171877 1173693 1185631 Cross-References: CVE-2017-1000369 CVE-2017-16943 CVE-2017-16944 CVE-2018-6789 CVE-2019-16928 CVE-2020-12783 CVE-2020-28007 CVE-2020-280...
Security update for exim (critical)
openSUSE Security Update: Security update for exim Announcement ID: openSUSE-SU-2021:0753-1 Rating: critical References: 1079832 1136587 1142207 1154183 1160726 1171490 1171877 1173693 1185631 Cross-References: CVE-2017-1000369 CVE-2017-16943 CVE-2017-16944 CVE-2018-6789 CVE-2019-10149...
OPENSUSE-SU-2021:0677-1 Security update for exim
This update for exim fixes the following issues: Exim was updated to exim-4.94.2 security update boo1185631 CVE-2020-28007: Link attack in Exim's log directory CVE-2020-28008: Assorted attacks in Exim's spool directory CVE-2020-28014: Arbitrary PID file creation CVE-2020-28011: Heap buffer overfl...
Privilege Escalation
exim4 is vulnerable to privilege escalation. The vulnerability exists due to a new-line injection into spool header files...
Adobe Acrobat 2017 Security Updates (APSB18-09) - Windows
Adobe Acrobat 2017 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:acrobat";...
Security update for Mozilla Thunderbird (important)
This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...
Security update for Mozilla Thunderbird (important)
This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9 CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin CVE-2017-7847: Local path string can be leaked from RSS feed CVE-2017-7848: RSS Feed vulnerable to...
GitLab: Evaluating Ruby code by injecting Rescue job on the system_hook_push queue through web hook
The secret token field of a webhook is vulnerable to a new line injection, allowing an attacker to inject non-HTTP commands in a TCP stream. When a GitLab instance is configured with an external Redis instance, e.g. on 127.0.0.1:6379, it may result in arbitrary code execution on a Sidekiq worker ...