
14 matches found

CNNVD
added 2026/04/06 12:0 a.m. | 2 views

Amazon Web Services Research and Engineering Studio security vulnerability

Amazon Web Services Research and Engineering Studio is a cloud-based research and engineering environment of Amazon, Inc. There is a security vulnerability in the version of Amazon Web Services Research and Engineering Studio from March 2025 to December 1, 2025. This vulnerability stems from the...

8.8 CVSS | 7.6 AI score | 0.00124 EPSS
Exploits 1 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2022-35028

Malicious code in bioql PyPI...

4.3 CVSS | 4.7 AI score | 0.00343 EPSS
Exploits 0 | References 7
SUSE CVE
added 2023/02/15 3:26 a.m. | 1 views

SUSE CVE-2022-29243

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage,...

4.3 CVSS | 4.6 AI score | 0.0087 EPSS
Exploits 0 | References 3
OSV
added 2022/08/27 12:15 p.m. | 1 views

DEBIAN-CVE-2022-2787

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session...

4.3 CVSS | 4.8 AI score | 0.00343 EPSS
Exploits 0 | References 1
CNNVD
added 2022/08/18 12:0 a.m. | 3 views

schroot security vulnerability

schroot is a software package. It is used to allow users to run commands or log into a shell in a chroot environment. A security vulnerability exists in the Debian schroot package. An attacker has exploited this vulnerability to bypass schroot's restrictions via Session Names in order to elevate...

4.3 CVSS | 5.2 AI score | 0.00343 EPSS
Exploits 0 | References 10
Prion
added 2022/05/31 5:15 p.m. | 8 views

Input validation

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage,...

4 CVSS | 4.8 AI score | 0.0087 EPSS
Exploits 0 | References 4 | Affected Software 1
Vulnrichment
added 2022/05/31 4:15 p.m. | 3 views

CVE-2022-29243 Improper input-size validation on the user new session name in Nextcloud Server

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage,...

4.3 CVSS | 4.5 AI score | 0.0087 EPSS
Exploits 0 | References 4
OSV
added 2022/05/31 4:15 p.m. | 14 views

CVE-2022-29243 Improper input-size validation on the user new session name in Nextcloud Server

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage,...

4.3 CVSS | 4.5 AI score | 0.0087 EPSS
Exploits 0 | References 6
GitHub Security Blog
added 2021/05/13 10:30 p.m. | 69 views

Apache Livy Cross-site scripting (XSS) in session names

Livy server version 0.7.0-incubating only is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating...

5.4 CVSS | 5 AI score | 0.02403 EPSS
Exploits 0 | References 6 | Affected Software 1
OSV
added 2021/05/13 10:30 p.m. | 19 views

GHSA-74QP-233X-P5J8 Apache Livy Cross-site scripting (XSS) in session names

Livy server version 0.7.0-incubating only is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating...

5.4 CVSS | 5 AI score | 0.02403 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2019/09/24 12:0 a.m. | 65 views

EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1984)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not...

9.8 CVSS | 7.7 AI score | 0.89192 EPSS
Exploits 11 | References 23
RedHat Linux
added 2016/11/15 11:40 a.m. | 3 views

php: Session Data Injection Vulnerability

ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection...

7.5 CVSS | 7.3 AI score | 0.00546 EPSS
Exploits 1 | References 4
Tenable Nessus
added 2007/02/18 12:0 a.m. | 35 views

SUSE-SA:2006:031: PHP4,PHP5

The remote host is missing the patch for the advisory SUSE-SA:2006:031 PHP4,PHP5. This update fixes the following security issues in the PHP scripting language, both version 4 and 5: - Invalid characters in session names were not blocked. - CVE-2006-2657: A bug in zend_hash_del allowed attackers to...

6.4 CVSS | 8.2 AI score | 0.15275 EPSS
Exploits 4
Slackware Linux
added 2006/08/05 7:5 a.m. | 14 views

[slackware-security] php

New php packages are available for Slackware 10.2 and -current to fix security and other issues. More details about these issues may be found on the PHP website: http://www.php.net Here are the details from the Slackware 10.2 ChangeLog: patches/packages/php-4.4.3-i486-1slack10.2.tgz: Upgraded to...

7.3 AI score
Exploits 0