24 matches found
EUVD-2011-4239
Malware in sbrugna...
Red Hat Enterprise Linux SEoL (2.1.x)
According to its version, Red Hat Enterprise Linux is 2.1.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
Checkmk 2.0.x < 2.0.p36, 2.1.x < 2.1.0p28 Command Injection Vulnerability
Checkmk is prone to a command injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:checkmk:checkmk"; if...
Checkmk 2.1.x < 2.1.0p28 Information Disclosure Vulnerability
Checkmk is prone to an information disclosure vulnerability.
CVE-2020-5410
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
Knockout.js 2.1.x < 3.0.0 Cross-site Scripting
According to its self-reported version number, Knockout.js is 2.1.x prior to 3.0.0. Therefore, it may be affected by a cross-site scripting vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source...
Red Hat JBoss ON Unauthorized Access Vulnerability
Red Hat JBoss ON is an open source Java network management software from Red Hat (United States). The software is mainly used to develop, test, deploy and monitor the application life cycle. An unauthorized access vulnerability exists in Red Hat JBoss ON version 2.1.x prior to 2.1.2 SP1, whi...
PT-2019-7486 · Pippin Williamson · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads (EDD) versions 1.8.x through 1.8.6; Easy Digital Downloads (EDD) versions 1.9.x through 1.9.9; Easy Digital Downloads (EDD) versions 2.0.x through 2.0.4; Easy Digital Downloads (EDD) versions 2.1.x through 2.1.10; Easy Digital...
PT-2019-7488 · Pippin Williamson · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads (EDD) versions 1.8.x through 1.8.6; Easy Digital Downloads (EDD) versions 1.9.x through 1.9.9; Easy Digital Downloads (EDD) versions 2.0.x through 2.0.4; Easy Digital Downloads (EDD) versions 2.1.x through 2.1.10; Easy Digital...
Improper input validation in Apache Santuario XML Security for Java
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...
UBUNTU-CVE-2019-12400
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...
SQL Injection in Django
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...
GHSA-4X49-W62V-76Q7 Path Traversal in Spring Cloud Config
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...
CVE-2019-3799
The CVE-2019-3799 entries describe a Local File Inclusion/Directory Traversal vulnerability in Spring Cloud Config Server. Affected versions are Spring Cloud Config Server 2.1.x before 2.1.2, 2.0.x before 2.0.4, and 1.4.x before 1.4.6, plus older unsupported releases. An unauthenticated attacker ...
Uncontrolled Memory Consumption in Django
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format function...
PYSEC-2019-169
When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1...
Spoofing
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found, leading to content spoofing in a 404 error page if a user fails to recognize th...
CVE-2012-6098
grade/edit/outcome/editform.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into...
XXE
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack...