13 matches found
GHSA-95FX-JJR5-F39C jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder
Impact User control of the first argument of the addImage method results in Denial of Service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP file...
jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder
Impact User control of the first argument of the addImage method results in Denial of Service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP file...
Access Control Bypass
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Access Control Bypass via a permissive permission check in attachment.php. An attacker can gain unauthorized access to download attachments by exploitin...
CVE-2021-41171
eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper enforcement of the SIGHASH value in the signature verification process. An attacker can submit non-compliant signatures that are incorrectly accepted as valid by providing...
EUVD-2022-0366
Malicious code in bioql PyPI...
CVE-2024-53949 Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled
Improper Authorization vulnerability in Apache Superset when FABADDSECURITYAPI is enabled disabled by default. Allows for lower privilege users to use this API. issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue...
CVE-2024-53949 Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled
Improper Authorization vulnerability in Apache Superset when FABADDSECURITYAPI is enabled disabled by default. Allows for lower privilege users to use this API. issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue...
CVE-2023-6893
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input...
PT-2023-32803 · Hikvision · Hikvision Intercom Broadcasting System
Name of the Vulnerable Software and Affected Versions: Hikvision Intercom Broadcasting System versions 3.0.3 20201113 RELEASEHIK through 3.0.3 20201113 RELEASEHIK Description: A vulnerability was found in the Hikvision Intercom Broadcasting System, affecting some unknown functionality of the file...
CVE-2022-4524
A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.0.x. Affected is the function languageattributes of the file src/Modules/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack...
PYSEC-2022-43018
WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set dirbrowser.enable = Fal...
PT-2022-26136 · Wsgidav · Wsgidav
Name of the Vulnerable Software and Affected Versions: WsgiDAV versions prior to 4.1.0 Description: Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks. This issue occurs when untrusted data is displayed in the directory...