CVE-2024-47760 GLPI vulnerable to account takeover via API

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue...

CVE-2024-47758 GLPI vulnerable to account takeover without privilege escalation through the API

GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue...

CVE-2024-55601 Hugo does not escape some attributes in internal templates

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...

freerdp: freerdp_image_copy out of bound read

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if nWidth == 0 and nHeight == 0. Version 3.5.1 contains a patch for the issue. No known workarounds are available...

DEBIAN-CVE-2024-50345

symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The Request class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class...

EulerOS 2.0 SP12 : vim (EulerOS-SA-2024-2793)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vim is an open source command line text editor. Vim v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack...

GHSA-GP8F-8M3G-QVJ9 Next.js Cache Poisoning

Impact By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router this does not affect the app router. When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a...

CVE-2024-41964

Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's...

GHSA-Q6HG-6M9X-5G9C Evmos vulnerable to exploit of smart contract account and vesting

Summary This advisory board aims to describe two vulnerabilities found in the Evmos codebase: - Authorization check on the fundVestingAccount: unauthorized spend of funds. Details Authorization check on the fundVestingAccount With the current implementation, a user can create a vesting account wi...

GHSA-52XF-5P2M-9WRV s2n-tls has a potentially observable differences in RSA premaster secret handling

When receiving a message from a client that sent an invalid RSA premaster secret, an issue in s2n-tls results in the server performing additional processing when the premaster secret contains an incorrect client hello version. While no practical attack on s2n-tls has been demonstrated, this cause...

AZL-42076 CVE-2024-35176 affecting package rubygem-rexml for versions less than 3.2.7-1

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this...

SUSE CVE-2024-31460

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerules.php is not thoroughly checked and is used to concatenate the SQL statement in createallheadernodes function from lib/apiautomation.php , finally resulti...

SUSE CVE-2024-34340

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls compatpasswordhash when users set their password. compatpasswordhash use passwordhash if there is it, else use md5. When verifying password, it calls compatpasswordverify. In...

AZL-43053 CVE-2024-32465 affecting package git for versions less than 2.45.2-1

Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with git clone --no-local to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but...

CVE-2023-50718 NocoDB SQL Injection vulnerability

NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped tablename. This vulnerability may result in leakage of sensitive data in the database. Version 0.202....

GHSA-P72Q-H37J-3HQ7 dbt uses a SQLparse version with a high vulnerability

Summary Using a version of sqlparse that has a security vulnerability and no way to update in current version of dbt core. Snyk recommends using sqlparse==0.5 but this causes a conflict with dbt. Snyk states the issues is a recursion error: SNYK-PYTHON-SQLPARSE-6615674. Details Dependency conflic...

CVE-2024-28250 Cilium has possible unencrypted traffic between nodes when using WireGuard and L7 policies

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies Wireguard-eligible traffic that is sent between a node's...

BIT-TENSORFLOW-2022-36011 Null dereference on MLIR on empty function attributes in TensorFlow

TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. The fix will be included in...

GHSA-FQG8-VFV7-8FJ8 JSONata expression can pollute the "Object" prototype

Impact In JSONata versions = 1.4.0, = 2.0.0, = 1.8.7 and = 2.0.4. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. The following patch can be applied if updating is not possible. patch --- a/src/jsonata.js +++ b/src/jsonata.js @@ -1293,6 +1293,13 @@...

DEBIAN-CVE-2024-23836

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extrem...