PT-2024-40269 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: The issue allows backend users to upload certain file types, including .phar, .shtml, .pl, or .cgi files, due to missing file extensions in the $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern']...
PT-2024-40190 · Packagist · Typo3/Cms-Core
Name of the Vulnerable Software and Affected Versions: No specific software or version information is provided. Description: The issue arises from improper encoding of user input, making the login status display susceptible to cross-site scripting in the website frontend. To exploit this, a valid...
Fedora: Security Advisory for rust-ripgrep (FEDORA-2024-ce2936b568)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
PT-2024-26393 · Unknown · Zksync Era
Name of the Vulnerable Software and Affected Versions: ZKsync Era versions prior to 1.3.10 Description: ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. A bug in the evaluation order of Yul function arguments is exposed by a specific pattern f(a,b); check if a...
[SECURITY] Fedora 40 Update: rust-ripgrep-14.1.0-3.fc40
Ripgrep is a line-oriented search tool that recursively searches the current directory for a regex pattern while respecting gitignore rules. ripgrep has first-class support on Windows, macOS and Linux...
JAW - A Graph-based Security Analysis Framework For Client-side JavaScript
An open-source, prototype implementation of property graphs for JavaScript based on the esprima parser, and the EsTree SpiderMonkey Spec. JAW can be used for analyzing the client-side of web applications and JavaScript-based programs. This project is licensed under GNU AFFERO GENERAL PUBLIC LICEN...
SUSE CVE-2024-4067
The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in micromatch.braces() in index.js because the pattern .* will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...
CVE-2024-4067
A flaw was found in the NPM package micromatch where it is vulnerable to a regular expression denial of service (ReDoS). The issue occurs in micromatch.braces() in index.js because the pattern .* will readily match anything. By passing a malicious payload, the pattern matching will keep backtracking t...
VulnCheck KEV: CVE-2022-25237
Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API...
DEBIAN-CVE-2024-4067
The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in micromatch.braces() in index.js because the pattern .* will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...
AZL-44454 CVE-2024-4067 affecting package js-jquery 3.5.0-4
The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in micromatch.braces() in index.js because the pattern .* will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...
CVE-2024-4067
The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in micromatch.braces() in index.js because the pattern .* will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...
UBUNTU-CVE-2024-4067
The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in micromatch.braces() in index.js because the pattern .* will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...
CVE-2024-4067
CVE-2024-4067 affects the NPM package micromatch prior to 4.0.8. The vulnerability is in micromatch.braces() in index.js, where the pattern .* can cause extreme backtracking (ReDoS) as input grows, leading to hangs or slowdowns. A fix was merged and the issue is noted as mitigated by upgrading to...
CVE-2024-4067 Regular Expression Denial of Service in micromatch
The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in micromatch.braces() in index.js because the pattern .* will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...
Credential Exposure
gradio is vulnerable to Credential Exposure. The vulnerability is caused by a lack of strict pattern validation in determining network or file paths in the starts_with_protocol function, which can lead to the exposure of sensitive information through incorrect interpretation of network or file path...
SUSE CVE-2024-26958
In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28...
SUSE CVE-2024-27078
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpg_alloc In tpg_alloc, resources should be deallocated in each and every error-handling path, since they are allocated in for statements. Otherwise there would be memleaks because tpg_free is...
CVE-2024-3854
CVE-2024-3854 is a memory-safety issue in the Firefox/Thunderbird code path where the JIT optimizer mishandles certain switch statements, generating out-of-bounds reads. Affected are Firefox <125, Firefox ESR <115.10, and Thunderbird