17 matches found
GHSA-X57H-XX53-V53W stellar-xdr's StringM::from_str bypasses max length validation
Impact: StringM::from_str does not validate that the input length is within the declared maximum (MAX). Calling StringM::<N>::from_str(s) where s is longer than N bytes succeeds and returns an Ok value instead of Err(Error::LengthExceedsMax), producing a StringM that violates its length invariant. This affec...
PT-2026-23612
Name of the Vulnerable Software and Affected Versions: stellar-xdr versions prior to 25.0.1. Description: The StringM::from_str function does not properly validate the length of input strings. When calling StringM::<N>::from_str(s) with a string s exceeding the maximum allowed length N, the function...
CVE-2025-13096 XML eXternal Entity injection (XXE) vulnerability affects IBM Business Automation Workflow
IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 are vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote...
GHSA-Q59J-VV4J-V33C NULL Pointer Dereference on moby image history
moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go...
CVE-2024-36620
CVE-2024-36620 affects moby v25.0.0–v26.0.2. IBM notes a NULL pointer dereference in daemon/images/image_history.go (CWE-476), which can crash the daemon. Affected versions are moby 25.0.0–26.0.2. The provided documents do not include a direct vendor patch or remediation steps for moby; a related...
CVE-2023-34598
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response...
CVE-2023-34598
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response...
CVE-2023-34599
Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary JavaScript code...
CVE-2023-34599
Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary JavaScript code...
Cross site scripting
Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary JavaScript code...
Design/Logic Flaw
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response...
CVE-2023-34598
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response...
CVE-2023-34599
Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary JavaScript code...
CVE-2023-34599
Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary JavaScript code...
CVE-2023-34598
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response...
CVE-2023-34598
Gibbon v25.0.0 is affected by a Local File Inclusion (LFI) vulnerability that allows the server to include content from files within the installation folder in responses. Root cause: unsafely including local files via request handling. Impact: potential exposure of sensitive files; risk escalatio...
CVE-2023-34599
Gibbon v25.0.0 is affected by multiple Cross-Site Scripting (XSS) vulnerabilities corresponding to CVE-2023-34599. The issue allows attackers to inject arbitrary JavaScript into pages viewed by users, with impact described as enabling script execution and potential data leakage or defacement. The...