851 matches found
CVE-2024-35186 gix traversal outside working tree enables arbitrary code execution
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
PYSEC-2024-237
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if the...
Security Bulletin: Vulnerability in FOS firmware used by IBM b-type SAN directors and switches.
Summary: The b-type products are vulnerable due to an OpenSSL issue in the FOS firmware. The vulnerability has been addressed and can be resolved by applying the FOS code level listed below. Vulnerability Details: CVEID: CVE-2023-0466. DESCRIPTION: OpenSSL could allow a remote attacker to bypass...
UBUNTU-CVE-2024-32875
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images are not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...
CVE-2022-36648 affecting package qemu for versions less than 6.2.0-18
CVE-2022-36648 affecting package qemu for versions less than 6.2.0-18. A patched version of the package is available...
GHSA-HMX6-R76C-85G9 Gradio apps vulnerable to timing attacks to guess password
Impact: This security policy is with regards to a timing attack that allows users of Gradio apps to potentially guess the password of password-protected Gradio apps. This relies on the fact that string comparisons in Python terminate early, as soon as there is a string mismatch. Because Gradio app...
UBUNTU-CVE-2024-23635
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...
AZL-44340 CVE-2024-21626 affecting package buildah for versions less than 1.41.4-2
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process from runc exec to have a working directory in the host filesystem...
PT-2024-15128
Name of the Vulnerable Software and Affected Versions: Better Search Replace plugin for WordPress versions up to, and including, 1.4.4 Description: The issue is related to PHP Object Injection via deserialization of untrusted input, allowing unauthenticated attackers to inject a PHP Object. If a PO...
RUSTSEC-2024-0001 Unsound use of str::from_utf8_unchecked on bytes which are not UTF-8
Affected versions receive a &[u8] from the caller through a safe API, and pass it directly to the unsafe str::from_utf8_unchecked function. The behavior of ferris_says::say is undefined if the bytes from the caller don't happen to be valid UTF-8. The flaw was corrected in ferris-says#21 by using the sa...
PT-2024-19268 · Unknown · Django Template Engine
Name of the Vulnerable Software and Affected Versions: Django template engine for Fiber versions prior to the latest patched version Description: This issue specifically impacts web applications that render user-supplied data through the Django template engine, potentially leading to the executio...
CVE-2024-21638 Azure IPAM solution Elevation of Privilege Vulnerability
Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assign...
CVE-2023-51701 @fastify-reply-from JSON Content-Type parsing confusion
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with @fastify/reply-from could misinterpret the incoming body when passed a header ContentType: application/json ; charset=utf-8. This can lead to bypass of security checks...
CVE-2023-51449 Make the `/file` secure against file traversal attacks
Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitrary Python function. Versions of gradio prior to 4.11.0 contained a vulnerability in the /file route which made them susceptible to file traversal...
PT-2023-8650 · Kyocera · Kyocera Device Manager
Name of the Vulnerable Software and Affected Versions: Kyocera Device Manager versions prior to 3.1.1213.0 Description: The issue is related to incorrect restriction of a directory path with limited access. Exploitation may allow a remote attacker to bypass the authentication process. The...
CVE-2023-50251 php-svg-lib possible DoS caused by infinite recursion when parsing SVG document
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a use tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the...
PT-2023-8992 · Gl.Inet · Gl-Inet Ax1800
Name of the Vulnerable Software and Affected Versions: GL.iNet AX1800 versions 4.0.0 through 4.4.x Description: The issue is related to insecure permissions, allowing a remote attacker to execute arbitrary code via the "upload API function". This can be achieved by sending a request to the "uploa...
PYSEC-2023-303
vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a parent_id is set. A malicious party that breaches the server may modify it to set a...
PT-2023-7689 · Google +4 · Google Chrome +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 120.0.6099.109 Description: The issue is related to a type confusion in the V8 JavaScript engine, which can be exploited by a remote attacker using a specially crafted HTML page, potentially leading to heap...
PT-2023-9435 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 124.0.6367.60 Description: The issue is related to the Autofill feature in Google Chrome, where an inappropriate implementation allows a remote attacker to perform UI spoofing via a crafted HTML page. This can...