Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to insufficient bounds checking on the authorization header. An attacker can cause excessive memory allocation by sending specially crafted requests, potentially leading to servic...

CVE-2023-27472

quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised XSS vulnerability. Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag ...

Design/Logic Flaw

quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised XSS vulnerability. Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag ...

CVE-2023-27472 HTML tags in entity names in the tree view are not sanitised in quickentity-editor-next

quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised XSS vulnerability. Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag ...

SUSE CVE-2021-20291

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code...

CVE-2021-20291

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code...

Mediawiki security bypass vulnerability (CNVD-2018-10132)

MediaWiki is a free and free web-based Wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers, which can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in Mediawiki versions prior to 1.28.1, 1.27.2...

Mediawiki Arbitrary Code Execution Vulnerability

MediaWiki is a free and free web-based Wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers, which can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in Mediawiki versions prior to 1.28.1 and pri...

CVE-2017-0366

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration...

Information disclosure

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext...

Xxe

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites...

DEBIAN-CVE-2017-0362

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token...

[ASA-201704-3] mediawiki: multiple issues

Arch Linux Security Advisory ASA-201704-3 ========================================= Severity: High Date : 2017-04-07 CVE-ID : CVE-2017-0361 CVE-2017-0362 CVE-2017-0363 CVE-2017-0364 CVE-2017-0365 CVE-2017-0366 CVE-2017-0367 CVE-2017-0368 CVE-2017-0369 CVE-2017-0370 CVE-2017-0372 Package : mediawi...

DirectAdmin 1.28/1.29 CMD_TICKET type Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...

DirectAdmin 1.28/1.29 - 'CMD_FTP_SHOW' Cross-Site Scripting

source: https://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in th...