Arbitrary Code Injection
Overview: @tinacms/cli is a package used to set up your project with Tina Cloud configuration, and run a local version of the Tina Cloud content-api. Affected versions of this package are vulnerable to Arbitrary Code Injection through the addVariablesToCode/makeFieldsWithInternalCode process in...
PT-2026-28368
Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.4.3 Description: If the auth username chars setting is empty, an attacker can inject arbitrary LDAP filters into Dovecot's LDAP authentication process. This can bypass restrictions and allow probing of the LDAP...
PT-2026-28366
Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.4.3 Description: An attacker can send a crafted message before authentication, leading to excessive memory allocation within the managesieve component. This can cause the managesieve-login process to crash, potential...
PT-2022-17983 · Apache · Apache Shenyu
Name of the Vulnerable Software and Affected Versions: Apache ShenYu incubating versions 2.4.0 through 2.4.2 Description: The issue arises from the use of Pattern.matches in RegexPredicateJudge.java, where both parameters are controllable by the user. This allows an attacker to pass in malicious...
PT-2022-1362 · Expat +12 · Expat +12
Name of the Vulnerable Software and Affected Versions: Expat aka libexpat versions prior to 2.4.3 Description: The issue is related to an integer overflow in the addBinding function of the Expat library. This could allow a remote attacker to execute arbitrary code on the system by persuading a...