5 matches found
Code injection
Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1...
CVE-2021-32838
Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in emailregex. This is fixed in version 0.5.1...
Directory traversal
Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This security bug has been patched in version 0.5.1...
CVE-2017-1000064
CVE-2017-1000064 affects kittoframework kitto version 0.5.1. The vulnerability is described as memory exhaustion in the router, leading to a denial of service. Connected sources consistently attribute the issue to kitto’s processing memory and do not provide a concrete patch or remediation detail...
CVE-2017-1000063
The CVE-2017-1000063 entry affects kitto framework (kitto version 0.5.1) and is caused by a cross-site scripting (XSS) flaw on the 404 page. The vulnerability enables remote attackers to inject malicious script/HTML, which can be used to steal sensitive information or hijack user sessions when vi...