Reflected XSS in Metrics Web Page

Reflected XSS in Sidekiq Web UI via the /metrics HTTP end-point and the substr query param: https://host/sidekiq/metrics?substr=foot%22%3E%3Cscript%20src=%22payload%22%20/%3E...

PT-2024-25317 · Sourcecodester · Aplaya Beach Resort Online Reservation System

Name of the Vulnerable Software and Affected Versions: SourceCodester Aplaya Beach Resort Online Reservation System version 1.0 Description: A critical issue has been found in the system, affecting an unknown functionality of the file admin/mod users/controller.php?action=add. The manipulation of...

VulnCheck KEV: CVE-2022-0185

Linux kernel contains a heap-based buffer overflow vulnerability in the legacyparseparam function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges...

BIT-DISCOURSE-2023-23624 Discourse's exclude_tags param could leak which topics had a specific hidden tag

Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, someone can use the excludetag param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse...

GHSA-FGXV-GW55-R5FQ Authorization Bypass Through User-Controlled Key in go-zero

Summary Hello go-zero maintainer team, I would like to report a security concerning your CORS Filter feature. Details Go-zero allows user to specify a CORS Filter with a configurable allows param - which is an array of domains allowed in CORS policy. However, the isOriginAllowed uses...

openssl: Excessive time spent checking DH keys and parameters

A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DHcheck, DHcheckex, or EVPPKEYparamcheck functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an...

PT-2024-40731 · Absl · Absl

Name of the Vulnerable Software and Affected Versions: absl affected versions not specified Description: A heap-use-after-free READ 4 crash has been identified. The issue is related to the absl::lts NUMBER::random internal::InitDiscreteDistribution and absl::lts NUMBER::discrete distribution::par...

PT-2024-15668 · WordPress · Amp For Wp – Accelerated Mobile Pages

Name of the Vulnerable Software and Affected Versions: AMP for WP – Accelerated Mobile Pages plugin for WordPress versions up to, and including, 1.0.92.1 Description: The issue is related to Reflected Cross-Site Scripting via the disqus name parameter due to insufficient input sanitization and...

PT-2023-32881 · Unknown · Code-Projects Library Management System

Name of the Vulnerable Software and Affected Versions: code-projects Library Management System version 2.0 Description: A critical vulnerability was found in the code-projects Library Management System. The issue is related to the manipulation of the category argument, which leads to SQL injectio...

RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.7 (RHSA-2023:7622)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7622 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...

OSV-2023-1201 Negative-size-param in pcpp::RawPacket::insertData

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64418 Crash type: Negative-size-param Crash state: pcpp::RawPacket::insertData pcpp::Packet::extendLayer pcpp::BgpUpdateMessageLayer::setNetworkLayerReachabilityInfo...

PT-2023-31114 · Unknown · Ironman Powershell Universal

Name of the Vulnerable Software and Affected Versions: Ironman PowerShell Universal versions 3.0.0 through 4.2.0 Description: The issue allows remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. This is...

OSV-2023-1146 Negative-size-param in pcpp::RawPacket::insertData

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64111 Crash type: Negative-size-param Crash state: pcpp::RawPacket::insertData pcpp::Packet::extendLayer pcpp::BgpUpdateMessageLayer::setNetworkLayerReachabilityInfo...

Missing Cryptographic Step

Overview openssl is a package that wraps the OpenSSL library. Affected versions of this package are vulnerable to Missing Cryptographic Step when the EVPEncryptInitex2, EVPDecryptInitex2 or EVPCipherInitex2 functions are used. An attacker can cause truncation or overreading of key and...

memcpy-param-overlap in MP4Box

Description memcpy-param-overlap in MP4Box Version $ ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master Platform $ uname -a Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic 3322.04.1-Ubuntu SMP PREEMPTDYNAMIC Thu Sep 7 10:33:52 UTC 2 x8664 x8664 x8664 GNU/Linux Asan 32mDashe...

Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input

Summary Faktory web dashboard can suffer from denial of service by a crafted malicious url query param days. Details The vulnerability is related to how the backend reads the days URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string...

OSV-2023-874 Memcpy-param-overlap in bit_u_expand

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62461 Crash type: Memcpy-param-overlap Crash state: bituexpand bitTVtoutf8 dwgdecodeheadervariables...

DEBIAN-CVE-2023-39948

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the BadParamException thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 conta...

UBUNTU-CVE-2023-39948

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the BadParamException thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 conta...

eProsima Fast DDS Security Vulnerability

eProsima Fast DDS is the C++ implementation of eProsima's OMG Object Management Group DDS Data Distribution Service standard. A security vulnerability exists in eProsima Fast DDS versions prior to v2.10.0, which stems from BadParamExceptionFast CDR throws an exception that is not caught by Fast...