94 matches found

Vulnrichment · added 2022/09/28 12:00 a.m. · 5 views

CVE-2022-39264 nheko vulnerable to secret poisoning using MITM on secret requests by the homeserver

nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable to homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...

CVSS 8.6 · AI score 8.4 · EPSS 0.00277
Exploits 0 · References 5
Prion · added 2022/09/07 11:15 p.m. · 11 views

Heap overflow

linked-list-allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than 3 sizeof:: because...

CVSS 7.5 · AI score 9.4 · EPSS 0.00297
Exploits 1 · References 2 · Affected Software 1
Vulnrichment · added 2022/07/13 8:30 p.m. · 4 views

CVE-2022-31145 Insufficient AccessToken Expiration Check in FlyteAdmin

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. In versions 1.1.30 and prior, authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Users who use FlyteAdmin...

CVSS 6.5 · AI score 6.3 · EPSS 0.00363
Exploits 0 · References 3
Vulnrichment · added 2022/04/04 12:00 a.m. · 6 views

CVE-2022-24785 Path Traversal in Moment.js

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...

CVSS 7.5 · AI score 7.5 · EPSS 0.02021
Exploits 0 · References 7
Vulnrichment · added 2022/03/31 10:40 p.m. · 6 views

CVE-2022-24797 Exposure of Sensitive Information in Pomerium

Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak potentially sensitive environmental information or lead to limited denial of service conditions. This...

CVSS 6.5 · AI score 8.9 · EPSS 0.0047
Exploits 0 · References 3
Vulnrichment · added 2022/02/15 8:15 p.m. · 4 views

CVE-2022-23641 Denial of Service in Discourse

Discourse is an open source discussion platform. In versions prior to 2.8.1 in the stable branch, 2.9.0.beta2 in the beta branch, and 2.9.0.beta2 in the tests-passed branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job triggers an...

CVSS 6.5 · AI score 6.3 · EPSS 0.00543
Exploits 0 · References 3
Positive Technologies · added 2021/11/29 12:00 a.m. · 2 views

PT-2021-23932 · Nodebb · Nodebb

Name of the Vulnerable Software and Affected Versions: Nodebb versions prior to 1.18.5
Description: The issue is related to incorrect logic in the token verification step, which unintentionally allowed master token access to the API.
Recommendations: For versions prior to 1.18.5, upgrade to versi...

CVSS 9.8 · AI score 7.7 · EPSS 0.00475
Exploits 1 · References 10
Positive Technologies · added 2021/06/30 12:00 a.m. · 7 views

PT-2021-7496 · Mariadb +10 · Mariadb Server +10

Name of the Vulnerable Software and Affected Versions: MariaDB Server versions prior to 10.6
Description: The issue is related to the component Item_subselect::init_expr_cache_tracker in MariaDB Server, which fails to protect the SQL query structure. This allows a remote attacker to cause a Denia...

CVSS 10 · AI score 7.5 · EPSS 0.89577
Exploits 110 · References 926
Positive Technologies · added 2020/12/10 12:00 a.m. · 4 views

PT-2020-16393 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions:
TensorFlow versions prior to 1.15.5
TensorFlow versions prior to 2.0.4
TensorFlow versions prior to 2.1.3
TensorFlow versions prior to 2.2.2
TensorFlow versions prior to 2.3.2
TensorFlow versions prior to 2.4.0
Description: In affected versio...

CVSS 9.3 · AI score 5.8 · EPSS 0.01023
Exploits 5 · References 93
Positive Technologies · added 2020/01/14 12:00 a.m. · 4 views

PT-2020-1522 · Oracle · Oracle Weblogic Server

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 10.3.6.0.0 and 12.1.3.0.0
Description: The issue is related to insufficient access control in the WLS Core Components of Oracle WebLogic Server, allowing a remote attacker to gain unauthorized access to protect...

CVSS 4.9 · AI score 4.7 · EPSS 0.0041
Exploits 0 · References 5
Positive Technologies · added 2017/04/20 12:00 a.m. · 2 views

PT-2017-17890

Name of the Vulnerable Software and Affected Versions: SquirrelMail versions prior to 20170427_0200-SVN
Description: The issue allows post-authentication remote code execution via a mishandled sendmail.cf file in a popen call. This can be exploited to execute arbitrary shell commands on the remote...

CVSS 9 · AI score 8.1 · EPSS 0.15952
Exploits 7 · References 20
Positive Technologies · added 2016/05/03 12:00 a.m. · 4 views

PT-2016-1843

Name of the Vulnerable Software and Affected Versions:
OpenSSL versions prior to 1.0.1o
OpenSSL versions prior to 1.0.2c
Description: The issue is caused by a buffer overflow in the ASN.1 implementation, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted...

CVSS 10 · AI score 9.3 · EPSS 0.90348
Exploits 10 · References 216
securityvulns · added 2014/05/10 12:00 a.m. · 129 views

[oss-security] [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations

There is a vulnerability in the 'implicit render' functionality in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2014-0130.
Versions Affected: All Supported
Not affected: None
Fixed Versions: 4.1.1, 4.0.5, 3.2.18
Impact
------
The implicit render functionality allows...

CVSS 4.3 · AI score 0.2 · EPSS 0.5271
Exploits 2
seebug.org · added 2008/12/09 12:00 a.m. · 115 views

SIU Guarani Multiple Remote Vulnerabilities

No description provided by source.
multiple remote vulnerabilities siu guarani
general information
-------------------
bug type : multiple remote vulnerabilities
software name : SIU Guarani
vendor : SIU www.siu.edu.ar
authors : proudhon & Ubik
date : the 341st day of the year 2008
contact : N/A...

AI score 7.1
Exploits 0