16 matches found
CVE-2026-41491 Dapr: Service Invocation path traversal ACL bypass
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before 1.17.5, a vulnerability has been found in Dapr that allows bypassing access control policies for...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the service invocation access control process. An attacker can bypass access control policies and invoke unauthorized methods by submitting specially crafted method paths containing encoded path traversal...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the service invocation access control process. An attacker can bypass access control policies and invoke unauthorized methods by submitting specially crafted method paths containing encoded path traversal...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the service invocation access control process. An attacker can bypass access control policies and invoke unauthorized methods by submitting specially crafted method paths containing encoded path traversal...
CVE-2023-5973
Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display...
Truncated port name (CVE-2023-5973)
Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display. Note: The vulnerability doesn...
DEBIAN-CVE-2021-42375
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input...
Command injection
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input...
CVE-2021-42375
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input...
PT-2021-23604 · Busybox +3 · Busybox +3
Name of the Vulnerable Software and Affected Versions: Busybox affected versions not specified Description: An issue in Busybox's ash applet causes a denial of service when it processes a specially crafted shell command. This happens because the shell incorrectly identifies certain characters as...
Rockwell Automation ISaGRAF 路径遍历漏洞
Rockwell Automation ISaGRAF is an automation software technology for creating integrated automation solutions from Rockwell Automation. It is designed to be scalable and portable and is suitable for developing small controllers and large distributed automation systems. A security vulnerability...
GHSA-JGMR-WRWX-MGFJ Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ?startingWith?, ?endingWith? or ?containing? could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...
Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ?startingWith?, ?endingWith? or ?containing? could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...
Input validation
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...
Information Disclosure
spring-data-jpa is vulnerable to information disclosure. Derived queries using any of the predicates startingWith, endingWith or containing could return more results than anticipated when a maliciously crafted query parameter value is supplied. LIKE expressions in manually defined queries could...
CVE-2019-3797
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...