36 matches found
PT-2023-29846 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions 3.2.2 and prior. Description: The issue allows a local attacker to obtain sensitive buffer information through the use of an uninitialized resource. Recommendations: For OpenHarmony versions 3.2.2 and prior, at the moment,...
PT-2023-20110 · WordPress · Jch Optimize
Name of the Vulnerable Software and Affected Versions: JCH Optimize plugin versions 3.2.2 and earlier. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects the JCH Optimize plugin. This vulnerability requires authentication with admin+ privileges...
SUSE CVE-2008-5917
Cross-site scripting (XSS) vulnerability in the XSS filter framework/TextFilter/Filter/xss.php in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes...
SUSE CVE-2012-1098
Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...
SUSE CVE-2022-39956
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...
Teleport Security Vulnerability
Teleport is an identity-aware, multi-protocol access agent from Teleport, Inc., used by engineers and security professionals to unify access to SSH servers, Kubernetes clusters, web applications and databases across all environments. A security vulnerability exists in Teleport versions v3.2.2,...
DEBIAN-CVE-2022-39956
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...
PT-2022-2029
Name of the Vulnerable Software and Affected Versions: Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions. Description: The issue is related to a remote code execution vulnerability in Spring Cloud Function when using routing functionality. It is possible for a user to provid...
Django Path Traversal Vulnerability
Django is an open source, Python-based web application framework from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2 before 2.2.26, 3.2.11 before 3.2.2, and 4.0.1 before 4.0.0 contains a path traversal...
ALPINE-CVE-2020-7774
The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution...
Yargs Y18n Input Validation Error Vulnerability
Yargs Y18n is an i18n-like codebase written in JavaScript by individual developers of Yargs. An input validation error vulnerability exists in Yargs Y18n before versions 3.2.2, 4.0.1 and 5.0.5, which arises from a networked system or product that does not properly validate input data...
PT-2019-14698 · Jenkins · Jenkins Spira Importer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Spira Importer Plugin versions 3.2.2 and earlier. Description: The issue concerns the storage of credentials in the global configuration file on the Jenkins master. Credentials are stored unencrypted, allowing users with access to the...
CloudBees Jenkins Artifactory Plugin Unauthorized Access Vulnerability (CNVD-2019-23826)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release and testing projects and some scheduled tasks. Artifactory Plugin is used in one of the...
Red Hat oVirt Privilege Acquisition Vulnerability
Red Hat oVirt is an open source virtualization management platform from the US company Red Hat. It is the open source version of the RHEV enterprise virtualization platform and consists of the ovirt-node client and the ovirt-engine management side. A security vulnerability exists in Red Hat oVirt...
Revive Adserver Unauthorized Operation Vulnerability
Revive Adserver is an open source ad management system from the Revive Adserver team. A security vulnerability in Revive Adserver versions prior to 3.2.2 can be exploited by remote attackers to perform restricted operations with the help of unexpired sessions established by deleted or disconnecte...
PYSEC-2015-26
Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...