
1270 matches found

SUSE CVE
added 2023/10/31 2:31 a.m. · 1 view

SUSE CVE-2020-7754

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

CVSS 7.5 · AI score 9.5 · EPSS 0.03374
Exploits 1 · References 2
CNNVD
added 2023/10/31 12:00 a.m. · 3 views

JHipster Security Vulnerabilities

JHipster is an open source application generator that focuses on developing web applications and microservices using Angular or React and Spring Framework. A security vulnerability exists in JHipster Generator-jhipster version prior to 2.23.0, which stems from a timing attack allowed on...

CVSS 7.5 · AI score 6.7 · EPSS 0.00593
Exploits 0 · References 5
WPVulnDB
added 2023/10/26 12:00 a.m. · 12 views

PDF Block <= 1.1.0 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 6.5 · AI score 5.7 · EPSS 0.004
Exploits 0 · References 2
ATTACKERKB
added 2023/10/25 6:17 p.m. · 2 views

CVE-2023-46358

In the module "Referral and Affiliation Program" referralbyphone version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Method ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate has sensitive SQL calls that can be executed with a trivial ht...

CVSS 9.8 · AI score 5.9 · EPSS 0.00735
Exploits 0 · References 2
WPVulnDB
added 2023/10/25 12:00 a.m. · 17 views

WP Font Awesome <= 1.7.9 - Contributor+ Stored Cross-Site Scripting via Shortcode

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back into the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admi...

CVSS 6.4 · AI score 5.7 · EPSS 0.00565
Exploits 0 · References 1
Code423n4
added 2023/10/20 12:00 a.m. · 7 views

The function _validateExecutionRequest checks the valid executor account by the address of the account given in call data instead of msg.sender, which is really easily exploitable

Lines of code · Vulnerability details · Impact: The function validateExecutionRequest checks the valid executor account by the address of the account given in call data instead of msg.sender, which is really easily exploitable if you look at the function function validateExecutionRequestExecutionRequest...

AI score 7.1
Exploits 0
WPVulnDB
added 2023/10/20 12:00 a.m. · 13 views

WP Simple HTML Sitemap < 2.6 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 6.5 · AI score 5.2 · EPSS 0.0031
Exploits 0 · References 1 · Affected Software 1
Tenable Nessus
added 2023/10/18 12:00 a.m. · 10 views

Fedora 38 : python-configobj (2023-27b41bb133)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-27b41bb133 advisory. Fixes an issue in configobj: CVE-2023-26112. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

CVSS 5.9 · AI score 5.5 · EPSS 0.01259
Exploits 1 · References 2
Positive Technologies
added 2023/10/18 12:00 a.m. · 2 views

PT-2023-29703 · Torbot +1

Name of the Vulnerable Software and Affected Versions: Torbot versions prior to 4.0.0. Description: The issue concerns the torbot.modules.validators.validate_link function, which uses the python-validators URL validation regex. This regular expression has exponential complexity, allowing an attack...

CVSS 7.5 · AI score 7.3 · EPSS 0.00797
Exploits 1 · References 11
Oracle linux
added 2023/10/17 12:00 a.m. · 37 views

Unbreakable Enterprise kernel-container security update

5.4.17-2136.323.8.2.el8
- netfilter: nfnetlink_osf: avoid OOB read (Wander Lairson Costa) [Orabug: 35824307]
- netfilter: xt_sctp: validate the flag_info count (Wander Lairson Costa) [Orabug: 35824307]
- netfilter: xt_u32: validate user space input (Wander Lairson Costa) [Orabug: 35824307]
- netfilter: ipset: ad...

AI score 7.7 · EPSS 0.00514
Exploits 1
CVE
added 2023/10/10 1:35 a.m. · 56 views

CVE-2023-40310

SAP PowerDesigner Client 16.7 is affected by an input validation weakness in BPMN2 XML imports from untrusted sources. The vulnerability allows URLs of external entities in the BPMN2 file to be accessed during import, potentially impacting availability. Root cause: insufficient validation of BPMN...

CVSS 7.5 · AI score 6.7 · EPSS 0.008
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/10/06 7:15 p.m. · 4 views

CVE-2023-21252

In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 · AI score 5.9 · EPSS 0.00106
Exploits 0 · References 3
CNNVD
added 2023/10/06 12:00 a.m. · 4 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android that stems from a method in validatePassword in WifiConfigurationUtil.java that may cause the device to enter a boot loop due to improper input...

CVSS 5.5 · AI score 6.4 · EPSS 0.00106
Exploits 0 · References 5
OSV
added 2023/10/05 8:22 p.m. · 2 views

CLSA-2023-1696537325 Fix of 10 CVEs

SECURITY UPDATE: a heap-based buffer overflow
- debian/patches/CVE-2018-25009.patch: add additional check to avoid read over the header
- CVE-2018-25009
SECURITY UPDATE: a heap-based buffer overflow
- debian/patches/CVE-2018-25010.patch: limit the filter size to not exceed the image dimensions
-...

CVSS 9.8 · AI score 6.9 · EPSS 0.02558
Exploits 0 · References 1
CNNVD
added 2023/10/03 12:00 a.m. · 3 views

Jorani SQL Injection Vulnerability

Jorani is a leave management system developed by Benjamin BALET, an individual developer in France. It is designed to provide small organizations with a simple workflow for leave and overtime requests. A SQL injection vulnerability exists in Jorani version 1.0.0 that originates from allowing an...

CVSS 8.8 · AI score 7.8 · EPSS 0.00578
Exploits 0 · References 2
OSV
added 2023/09/19 6:30 a.m. · 13 views

GHSA-6F9P-G466-F8V8 blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API

Versions of the blamer package before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...

CVSS 6.5 · AI score 9.1 · EPSS 0.00924
Exploits 1 · References 5
WPVulnDB
added 2023/09/18 12:00 a.m. · 24 views

Easy Admin Menu <= 1.3 - Admin+ Stored XSS

Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup)...

CVSS 5.9 · AI score 4.8 · EPSS 0.00366
Exploits 0
CNNVD
added 2023/09/11 12:00 a.m. · 2 views

Schoolmate SQL Injection Vulnerability

Schoolmate is a PHP/MySQL solution for elementary, middle and high schools from mrmunkey22 Individual Developer. A security vulnerability exists in Schoolmate version 1.3, which was discovered to contain an SQL injection vulnerability via the $username variable of SESSION in ValidateLogin.php...

CVSS 9.8 · AI score 8.2 · EPSS 0.00629
Exploits 1 · References 2
RedhatCVE
added 2023/08/29 6:45 a.m. · 41 views

CVE-2023-2906

A vulnerability was found in Wireshark. This security issue occurs due to a failure to validate the length an attacker-crafted CP2179 packet provides. This flaw leaves Wireshark susceptible to a divide-by-zero problem, allowing a denial of service attack. Mitigation: Mitigation for this issue is...

CVSS 6.5 · AI score 6.5 · EPSS 0.02771
Exploits 1 · References 4
CNVD
added 2023/08/25 12:00 a.m. · 6 views

FreeImage Validate Method Denial of Service Vulnerability

FreeImage is a cross-platform open source library for supporting popular graphic image formats. A denial of service vulnerability exists in FreeImage, which stems from a stack exhaustion issue in the Validate method of the PluginRAW.cpp file. An attacker could exploit this vulnerability to cause ...

CVSS 6.5 · AI score 6.5 · EPSS 0.00611
Exploits 1 · References 1