
15 matches found

OSV
added 2024/07/01 11:18 a.m., 9 views

BIT-HUBBLE-UI-BACKEND-2023-27594

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...

CVSS 7.3, AI score 7, EPSS 0.00057
Exploits: 0, References: 4

OSV
added 2024/04/12 11:7 a.m., 1 view

OESA-2024-1426 flatpak security update

flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions...

CVSS 10, AI score 6.8, EPSS 0.00698
Exploits: 0, References: 3

OSV
added 2024/01/08 5:15 p.m., 2 views

CVE-2024-21747

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting.This issue affects WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CR...

CVSS 4.9, AI score 7.5
Exploits: 0, References: 1

Vulnrichment
added 2024/01/08 4:48 p.m., 1 view

CVE-2024-21747 WordPress WP ERP Plugin <= 1.12.8 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting.This issue affects WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CR...

CVSS 7.6, AI score 6.6, EPSS 0.00283
Exploits: 0, References: 1

Patchstack
added 2024/01/05 12:0 a.m., 5 views

WordPress WP ERP Plugin <= 1.12.8 is vulnerable to SQL Injection

Software WP ERP Type Plugin Vulnerable versions = 1.12.8 Fixed in 1.12.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-21747 Patch priority Medium CVSS severity Medium 7.6 Developer Claim ownership PSID bff329846441 Credits Arvandy Required privilege Accounting Manager...

CVSS 7.6, AI score 6.8, EPSS 0.00283
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2023/04/18 12:0 a.m., 2 views

Cilium Log Information Disclosure Vulnerability

Cilium is an open source software. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. A logging information disclosure vulnerability exists in Cilium that stems from Cilium logging...

CVSS 7.2, AI score 6.5, EPSS 0.00071
Exploits: 0, References: 2

NVD
added 2023/03/17 8:15 p.m., 9 views

CVE-2023-27594

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...

CVSS 7.3, AI score 5.2, EPSS 0.00057
Exploits: 0, References: 4

Cvelist
added 2023/03/17 7:56 p.m., 12 views

CVE-2023-27594 Cilium vulnerable to potential network policy bypass when routing IPv6 traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...

CVSS 4.2, AI score 7.3, EPSS 0.00057
Exploits: 0, References: 4

Positive Technologies
added 2023/03/17 12:0 a.m., 1 view

PT-2023-21234 · Cilium · Cilium

Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.11.15 Cilium versions prior to 1.12.8 Cilium versions prior to 1.13.1 Description: Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...

CVSS 7.3, AI score 6.9, EPSS 0.00057
Exploits: 0, References: 18

Oracle linux
added 2023/01/12 12:0 a.m., 51 views

dbus security update

1.12.8-23.0.1 - fix netlink poll: error 4 Zhenzhong Duan 1:1.12.8-23.1 - Fix CVE-2022-42010 2133644 - Fix CVE-2022-42011 2133638 - Fix CVE-2022-42012 2133632...

CVSS 6.5, AI score 1, EPSS 0.00208
Exploits: 3

Snyk
added 2022/07/01 8:15 p.m., 1 view

Incorrect Authorization

Overview std/net/url is a Go standard library package std/net/url Affected versions of this package are vulnerable to Incorrect Authorization. Go Vulnerability Report: The url.Parse function accepts URLs with malformed hosts, such that the Host field can have arbitrary suffixes that appear in...

CVSS 9.8, AI score 7.1, EPSS 0.02534
Exploits: 1, References: 3

Prion
added 2020/03/10 6:15 p.m., 14 views

Code injection

In affected versions of dojox NPM package, the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...

CVSS 5, AI score 8.2, EPSS 0.00278
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2019/08/13 9:15 p.m., 3 views

AZL-78948 CVE-2019-14809 affecting package golang 1.25.7-1

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname nor Port, and is related to a non-numeric port number. For example, an...

CVSS 9.8, AI score 7.2, EPSS 0.02534
Exploits: 1, References: 1

OpenVAS
added 2015/11/19 12:0 a.m., 46 views

Wireshark Pcapng File Parser Denial-of-Service Vulnerability (Nov 2015) - Mac OS X

Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...

CVSS 4.3, AI score 5.5, EPSS 0.00574
Exploits: 0, References: 3

OpenVAS
added 2015/11/19 12:0 a.m., 32 views

Wireshark Pcapng File Parser Denial-of-Service Vulnerability (Nov 2015) - Windows

Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...

CVSS 4.3, AI score 5.5, EPSS 0.00574
Exploits: 0, References: 3