750 matches found
BIT-DISCOURSE-2022-46150 Discourse may allow exposure of hidden tags in the subject of notification emails
Discourse is an open-source discussion platform. Prior to version 2.8.13 of the stable branch and version 2.9.0.beta14 of the beta and tests-passed branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue...
BIT-HELM-2021-21303 Injection attack in Helm
Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted...
GHSA-JR83-M233-GG6P Sulu grants access to pages regardless of role permissions
Impact What kind of vulnerability is it? Who is impacted? Access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. Patches Has the problem been patched? What versions...
Deserialization Gadget chain in Swift Mailer dependancy
Summary Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer unserialize user input in his project. Details This vulnerability present no direct threat but is a vector that will enable remote code executio...
Advancing Cybersecurity Management With Qualys Cloud Agent
In the first part of our series, we discussed the significant enhancements in Reduced Activity Periods RAP and Enhanced Capabilities for VDI in the Qualys Cloud Agent. In this second part of the series, we continue our exploration into the other two pivotal enhancements of this upgrade: 1. Agent...
git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree
A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other...
nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2024-23345 via nautobot (>=1.0.3 <=1.5.16)
nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2024-23345 Source advisory: OSV:GHSA-V4XV-795H-RV4H...
Atlassian JIRA Service Desk < 4.20.28 / 5.4.x < 5.4.12 / 5.5.x < 5.11.3 / 5.12.0 (JSDSERVER-14872)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14872 advisory. - org.cyberneko.html is an html parser written in Java. The fork of org.cyberneko.html used by Nokogir...
GitLab < 15.6.7 (SECURITY-RELEASE-GITLAB-15-8-1-RELEASED)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue...
Git: Multiple Vulnerabilities
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details...
Input validation
Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub...
GitLab 8.17 < 16.4.4 / 16.5 < 16.5.4 / 16.6 < 16.6.2 (CVE-2023-3511)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was...
OESA-2023-1900 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker...
Information disclosure
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...
UBUNTU-CVE-2023-49081
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
PYSEC-2023-250
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
CVE-2023-49081
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
Design/Logic Flaw
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
CVE-2023-49081
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
CVE-2023-49081 aiohttp's ClientSession is vulnerable to CRLF injection via version
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...