UBUNTU-CVE-2023-25652

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...

CVE-2023-25652

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...

Open redirect

A vulnerability classified as problematic has been found in Arno0x TwoFactorAuth. This affects an unknown part of the file login/login.php. The manipulation of the argument from leads to open redirect. It is possible to initiate the attack remotely. This product does not use versioning. This is w...

CVE-2023-1452

A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/loadtext.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit...

Double free

A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gfav1resetstate of the file mediatools/avparsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The explo...

CVE-2023-28108 Pimcore has improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model

Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in...

Cross site scripting

A vulnerability classified as problematic has been found in GENI Portal. This affects the function noinvocationiderror of the file portal/www/portal/sliceresource.php. The manipulation of the argument invocationid/invocationuser leads to cross site scripting. It is possible to initiate the attack...

CVE-2017-20170 ollpu parontalli index.php sql injection

A vulnerability was found in ollpu parontalli. It has been classified as critical. Affected is an unknown function of the file httpdocs/index.php. The manipulation of the argument s leads to sql injection. The patch is identified as 6891bb2dec57dca6daabc15a6d2808c8896620e5. It is recommended to...

Path traversal

A vulnerability classified as critical was found in hoffie larasync. This vulnerability affects unknown code of the file repository/content/filestorage.go. The manipulation leads to path traversal. The name of the patch is 776bad422f4bd4930d09491711246bbeb1be9ba5. It is recommended to apply a pat...

CVE-2015-10024 hoffie larasync file_storage.go path traversal

A vulnerability classified as critical was found in hoffie larasync. This vulnerability affects unknown code of the file repository/content/filestorage.go. The manipulation leads to path traversal. The name of the patch is 776bad422f4bd4930d09491711246bbeb1be9ba5. It is recommended to apply a pat...

Sql injection

A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. This issue affects some unknown processing of the file src/main/java/org/identifiers/db/RegistryDao.java. The manipulation leads to sql injection. The patch is named 44bb0db91c064e305b192fc73521d1dfd25bde52...

CVE-2014-125047

The CVE-2014-125047 entry concerns tbezman school-store with a SQL injection vulnerability in an unknown part, classified as Critical. The patch identifier 2957fc97054216d3a393f1775efd01ae2b072001 is associated with this issue (VDB-217557). No specific affected versions or vulnerable component de...

CVE-2022-4822 FlatPress Setup main.lib.php cross site scripting

A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is...

CVE-2018-25049 email-existence index.js redos

A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The name of the patch is 0029ba71b6ad0d8ec0baa2ecc6256d038bdd9b56. It is...

CVE-2021-4281

A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this issue is some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation leads to os command injection. The name of the patch is 55b5a234c0fab935df5fb08365bc8fe9c37cf46b. It...

CVE-2022-4066

A vulnerability was found in davidmoreno onion. It has been rated as problematic. Affected by this issue is the function onionresponseflush of the file src/onion/response.c of the component Log Handler. The manipulation leads to allocation of resources. The name of the patch is...

Memory corruption

A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpzadecodestream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix thi...

CVE-2014-125017 FFmpeg rpza_decode_stream memory corruption

A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpzadecodestream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix thi...

CVE-2020-36542 Demokratian install3.php privileges management

A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is...

CVE-2022-23655 Missing server signature validation in OctoberCMS

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to...