GHSA-QF5V-RP47-55GG Path Traversal in file update API in gogs
Impact The malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. Patches Writing files outside repository Git directory has been prohibited via the repository file update API https://github.com/gogs/gogs/pull/7859. Users should upgrade to 0.13...
CVE-2024-55947 Gogs has a Path Traversal in file update API
Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1...
CVE-2024-55947
Gogs self-hosted Git service affected up to version 0.13.3. CVE-2024-55947 enables path traversal via the PutContents API, allowing writing files to arbitrary server paths and potentially SSH access. The issue is fixed in 0.13.1; later advisories (CNAs) discuss bypass attempts and continued scrut...
Execution with Unnecessary Privileges
Overview open-webui is an Open WebUI package. Affected versions of this package are vulnerable to Execution with Unnecessary Privileges through the API endpoint http://0.0.0.0:3000/api/v1/memories/id/update. An attacker can modify other users' data without proper authorization. Remediation Upgrade...
WordPress plugin Reviews Feed security vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-22652 · Dell · Dell Scg
Name of the Vulnerable Software and Affected Versions: Dell SCG versions prior to 5.24.00.00 Description: The issue is related to an Improper Access Control vulnerability in the SCG exposed for an internal update REST API. This API is only accessible if enabled by an Admin user from the UI. A...
PT-2024-18305 · WordPress · Contests By Rewards Fuel
Name of the Vulnerable Software and Affected Versions: Contests by Rewards Fuel plugin for WordPress versions up to, and including, 2.0.64 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attacke...
CVE-2022-46258
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability...
PT-2020-13474 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 13.1 through 13.3 Description: A potential DOS issue was discovered. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user-supplied values,...
openSUSE Security Update : xen (openSUSE-2020-599)
This update for xen fixes the following issues : Security issues fixed : - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392). - CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues (bsc#1168140). - CVE-2020-11739: Missing memory barriers in read-write unlock paths...
Cross site scripting
An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher...