5 matches found
CVE-2022-41876 ezplatform-graphql GraphQL queries can expose password hashes
ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...
GHSA-G6WQ-QCWM-J5G2 Regular Expression Denial of Service in websocket-extensions (RubyGem)
Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...
RedHat Update for pcre RHSA-2007:1068-01
Check for the Version of pcre OpenVAS Vulnerability Test RedHat Update for pcre RHSA-2007:1068-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
RHEL 2.1 / 3 : tcpdump (RHSA-2004:008)
Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in ISAKMP and RADIUS parsing. Updated 15 Jan 2004 Updated the text description to better describe the vulnerabilities found by Jonathan Heusser and give them CVE names. Tcpdump is a command-line tool for monitoring network traffi...
XSS vulnerability on contacts view
Impact Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populat...