PYSEC-2024-201
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on...
Unverified Password Change
Overview: OctoPrint is a snappy web interface for your 3D printer. Affected versions of this package are vulnerable to Unverified Password Change due to improper authentication in the settings interface. An attacker can gain unauthorized access to API keys and potentially disrupt system operations ...
CVE-2024-30257 1Panel's password verification is suspected to have a timing attack vulnerability
1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead of hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts...
PT-2024-3101 · 1Panel · 1Panel
Name of the Vulnerable Software and Affected Versions: 1Panel versions prior to 1.10.3-lts Description: The issue is related to the password verification in the source code of 1Panel, which uses the != symbol instead of hmac.Equal. This may lead to a timing attack vulnerability, potentially...
IBM Security Guardium Data Encryption security vulnerability
IBM Security Guardium Data Encryption is a software from International Business Machines (IBM) that is used to secure sensitive data within an organization. The software protects assets located in cloud, virtual, big data and physical environments by controlling access to databases, files,...
SUSE CVE-2017-5837
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file...
SUSE CVE-2018-17439
An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file...
SUSE CVE-2022-2301
Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3...
DEBIAN-CVE-2022-2301
Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3...
CVE-2022-2301
Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3...
PT-2022-20232 · Hashicorp · Hashicorp Vault +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 1.10.0 through 1.10.2 Description: The issue is related to the improper configuration and enforcement of multi-factor authentication (MFA) on login after server restarts, specifically affecting the...
libsixel code issue vulnerability
libsixel is a package that provides an encoding/decoding implementation for DEC SIXEL graphics and other converter programs. libsixel has a denial of service vulnerability in v1.10.3 and earlier, which stems from a NULL pointer dereference in libsixel's stb_image.h component, and can be exploited ...
Streama cross-site request forgery vulnerability
Streama is a self-hosted streaming media server. A cross-site request forgery vulnerability exists in Streama that stems from the product not performing reasonable checks when uploading local files. The vulnerability can be exploited to upload arbitrary files to the server. Streama v1.10.3 and...
UBUNTU-CVE-2019-5477
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer.load_file is being called with unsafe user input as the filename. This...
DEBIAN-CVE-2018-11803
Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation...
HDF5 divide by zero error vulnerability (CNVD-2019-03442)
HDF5 is a free suite of tools for managing the storage of different types of data that can be managed, manipulated, viewed, analyzed, and generated in portable formats. A divide-by-zero error vulnerability exists in the 'apply_filters' function of the h5repack_filters.c file in HDF5 1.10.3 and earli...
HDF5 heap buffer overflow vulnerability (CNVD-2018-20772)
HDF5 is a free suite of tools for managing the storage of different types of data that can be managed, manipulated, viewed, analyzed, and generated in portable formats. A heap buffer overflow vulnerability exists in the 'ReadGifImageDesc' function of the gifread.c file in HDF5 1.10.3 and earlier...
CVE-2018-17435
A heap-based buffer over-read in H5O_attr_decode in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to a GIF file...
PT-2018-1923 · Hdf +2 · Hdf5 +2
Name of the Vulnerable Software and Affected Versions: HDF5 versions 1.10.3 and earlier Description: A SIGFPE signal is raised in the apply_filters function of h5repack_filters.c due to incorrect protection against division by zero when parsing a crafted HDF file. This could allow a remote denial...