94 matches found
CVE-2023-5226 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to...
CVE-2023-5226 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to...
CVE-2023-5226
Removed by vendor...
Race Condition
wiremock is vulnerable toa Race Condition. The vulnerability is due to the render function when DNS server's address expire between initial validation and an outbound network request, potentially leading to unintended access to prohibited domains...
GHSA-F7QW-JJ9C-RPQ9 In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Note The official templates of Lima, and the well-known third party products Colima, Rancher Desktop, and Finch are unlikely to be affected by this issue. Impact A virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is...
SUSE CVE-2012-3411
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service traffic amplification via a spoofed DNS query...
SUSE CVE-2022-46908
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE...
OESA-2023-1219 sqlite security update
SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications...
SQLite through 3.40.0 when relying on --safe for execution of an untrusted CLI script does not properly implement the azProhibitedFunctions protection mechanism and instead allows UDF functions such as WRITEFILE.
...
UBUNTU-CVE-2022-46908
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE...
SQLite 安全漏洞
SQLite is a lightweight database that is an ACID compliant relational database management system. A security vulnerability exists in SQLite 3.40.0 and prior versions that stems from not properly implementing the azProhibitedFunctions protection mechanism when relying on --safe to execute untruste...
GHSA-67MX-JC2F-JGJM OS Command Injection in file editor in Gogs
Impact The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server. All installations with repository upload enabled default are affected. Patches File deletions are prohibited to repository...
Apple’s NeuralHash Algorithm Has Been Reverse-Engineered
Apples NeuralHash algorithm -- the one its using for client-side scanning on the iPhone -- has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed: Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the...
MediaWiki 信息泄露漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. An information disclosure vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems...
CVE-2021-20676
M-System DL8 series type A DL8-A versions prior to Ver3.0, type B DL8-B versions prior to Ver3.0, type C DL8-C versions prior to Ver3.0, type D DL8-D versions prior to Ver3.0, and type E DL8-E versions prior to Ver3.0 allows remote authenticated attackers to bypass access restriction and conduct...
CVE-2021-20676
CVE-2021-20676 concerns the M-System DL8 series (types A–E) prior to firmware Ver3.0. The vulnerability allows remote authenticated attackers to bypass access restrictions and perform prohibited operations via unspecified vectors. Affected products include DL8-A/B/C/D/E before Ver3.0; impact is t...
CVE-2021-20676
M-System DL8 series type A DL8-A versions prior to Ver3.0, type B DL8-B versions prior to Ver3.0, type C DL8-C versions prior to Ver3.0, type D DL8-D versions prior to Ver3.0, and type E DL8-E versions prior to Ver3.0 allows remote authenticated attackers to bypass access restriction and conduct...
storiespace.com Cross Site Scripting vulnerability OBB-1377548
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
OS Command Injection
kylin-core-common is vulnerable to OS command injection. The vulnerability exists as it uses a regular expression which provided insufficient blacklist of characters, allowing prohibited characters to be interpreted and executed...
CVE-2009-3723
asterisk allows calls on prohibited networks...