
7 matches found

CNNVD
added 2026/05/13 12:0 a.m., 9 views

ERPNext code issue vulnerability

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to 15.106.0 and 16.16.0 of ERPNext contained code vulnerabilities. These vulnerabilities stemmed from the ability for malicious users to send specially crafted requests t...

CVSS 5, AI score 5.9, EPSS 0.00162
Exploits 0, References 1
Vulnrichment
added 2024/12/02 5:10 p.m., 48 views

CVE-2024-53990 AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s

The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed `CookieStore` (aka cookie jar) will silently replace explicitly defined `Cookie`s with any that ha...

CVSS 9.2, AI score 7.3, EPSS 0.00587
Exploits 0, References 4
CVE
added 2024/12/02 5:10 p.m., 4258 views

CVE-2024-53990

The CVE-2024-53990 issue affects the AsyncHttpClient (AHC) library where an auto-enabled CookieStore silently replaces cookies with the same name from the cookie jar. This can cause cookies from one user to be used in another user’s requests, creating potential unauthorized data exposure in multi...

CVSS 9.2, AI score 6.7, EPSS 0.00587
Exploits 0, References 4
HackerOne
added 2022/09/28 8:19 a.m., 30 views

Yelp: no rate limit in forgot password session

A little bit about Rate Limit: A rate limiting algorithm is used to check if the user session or IP-address has to be limited based on the information in the session cache. In case a client made too many requests within a given timeframe, HTTP-Servers can respond with status code 429: Too Many...

AI score 7.4
Exploits 0
OSV
added 2022/08/22 1:36 p.m., 7 views

SUSE-SU-2022:2866-1 Security update for systemd-presets-common-SUSE

This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SU...

CVSS 6.5, AI score 6.9, EPSS 0.01158
Exploits 0, References 4
CNNVD
added 2022/05/21 12:0 a.m., 2 views

Gitblit security vulnerability

Gitblit is an open source, pure Java Git solution from Gitblit for managing, viewing and provisioning Git repositories. A security vulnerability exists in Gitblit version 1.9.2, which can be exploited by an attacker to elevate privileges by configuring user services...

CVSS 9.8, AI score 8.2, EPSS 0.17749
Exploits 1, References 3
BDU FSTEC
added 2020/02/11 12:0 a.m., 5 views

The vulnerability of the Advanced UI interface of Oracle WebCenter Sites for online user services allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Advanced UI interface of Oracle WebCenter Sites for online user services is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information using the HTTP...

CVSS 6.1, AI score 6.7, EPSS 0.0109
Exploits 0, References 3, Affected Software 1