14 matches found
CVE-2024-37885 Code injection in Nextcloud Desktop Client for macOS
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed arbitrary code to be loaded when starting the client with DYLD_INSERT_LIBRARIES set in the environment. It is recommended that the Nextcloud...
CVE-2024-36107 Information disclosure in minio
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...
CVE-2024-31309
An HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Versions from 8.0.0 through 8.1.9 and from 9.0.0 through 9.2.3 are affected. Users can set a new setting proxy.config.http2.max_continuation_frames_per_minute to limit the number of CONTINUATION frames...
CVE-2023-39358 Authenticated SQL injection vulnerability in reports_user.php in Cacti
Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the reports_user.php file. In...
CVE-2022-23476 Unchecked return value from xmlTextReaderExpand in Nokogiri
Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri 1.13.8 and 1.13.9 fail to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Reader#attribute_hash. This can lead to a null pointer exception when invalid markup is being parsed. Fo...
CVE-2022-24948
A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users...
CVE-2021-3345
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later...
CVE-2020-17519
A change introduced in Apache Flink 1.11.0 and released in 1.11.1 and 1.11.2 as well allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users shou...
CVE-2020-8943
CVE-2020-8943 describes an arbitrary memory read vulnerability in the Asylo project, affecting versions up to 0.6.0. The root cause is an unchecked return size in enc_untrusted_recvfrom, allowing an untrusted attacker to read memory locations outside the intended buffer, including addresses withi...
Fedora 22 : drupal6-6.37-1.fc22 (2015-14444)
"Maintenance and security release of the Drupal 6 series. This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement: Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003 No other fixes are...
CentOS 6 : java-1.7.0-openjdk (CESA-2014:0406)
Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Comodo Internet Security Denial of Service Vulnerability-02
The host is installed with Comodo Internet Security and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbcomododosvuln02win.nasl 6104 2017-05-11 09:03:48Z teissa $ Comodo Internet Security Denial of Service Vulnerability-02 Authors: Arun Kallavi Copyright: Copyright ...
RedHat Update for thunderbird RHSA-2008:0105-01
Check for the Version of thunderbird OpenVAS Vulnerability Test RedHat Update for thunderbird RHSA-2008:0105-01 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
Mantis: Multiple vulnerabilities
Background: Mantis is a PHP/MySQL/Web based bugtracking system. Description: Antonio Parata and Francesco Ongaro reported a Cross-Site Request Forgery vulnerability in manage_user_create.php (CVE-2008-2276), a Cross-Site Scripting vulnerability in return_dynamic_filters.php (CVE-2008-3331), and an...