Lucene search
K

63 matches found

NVD
NVD
added 2023/11/06 12:15 a.m.44 views

CVE-2023-47271

PKP-WAL aka PKP Web Application Library or pkp-lib before 3.3.0-16, as used in Open Journal Systems OJS and other products, does not verify that the file named in an XML document used for the native import/export plugin is an image file, before trying to use it for an issue cover image...

5.3CVSS5.3AI score0.00618EPSS
Exploits2References3
Prion
Prion
added 2023/11/06 12:15 a.m.23 views

Design/Logic Flaw

PKP-WAL aka PKP Web Application Library or pkp-lib before 3.3.0-16, as used in Open Journal Systems OJS and other products, does not verify that the file named in an XML document used for the native import/export plugin is an image file, before trying to use it for an issue cover image...

5CVSS7.1AI score0.00618EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2023/11/05 12:0 a.m.25 views

CVE-2023-47271

PKP-WAL aka PKP Web Application Library or pkp-lib before 3.3.0-16, as used in Open Journal Systems OJS and other products, does not verify that the file named in an XML document used for the native import/export plugin is an image file, before trying to use it for an issue cover image...

5.3CVSS7.1AI score0.00618EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2023/11/05 12:0 a.m.14 views

CVE-2023-47271

PKP-WAL aka PKP Web Application Library or pkp-lib before 3.3.0-16, as used in Open Journal Systems OJS and other products, does not verify that the file named in an XML document used for the native import/export plugin is an image file, before trying to use it for an issue cover image...

7.2AI score0.00618EPSS
Exploits2References3
CVE
CVE
added 2023/11/05 12:0 a.m.64 views

CVE-2023-47271

PKP-WAL (pkp-lib) before 3.3.0-16, used in OJS and related products, fails to verify that a file named in an XML document (Native Import/Export plugin) is an image before using it as an issue cover image. The issue stems from PKPNativeFilterHelper::parsePublicationCover() in the NativeImportExpor...

5.3CVSS5.2AI score0.00618EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2023/11/05 12:0 a.m.42 views

CVE-2023-47271

PKP-WAL aka PKP Web Application Library or pkp-lib before 3.3.0-16, as used in Open Journal Systems OJS and other products, does not verify that the file named in an XML document used for the native import/export plugin is an image file, before trying to use it for an issue cover image...

5.6AI score0.00618EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2023/10/25 6:17 p.m.6 views

CVE-2023-46396

Audimex 15.0.0 is vulnerable to Cross Site Scripting XSS in /audimex/cgi-bin/wal.fcgi via company parameter search filters...

5.4CVSS5.8AI score0.00431EPSS
Exploits1References2
OSV
OSV
added 2023/10/25 6:17 p.m.4 views

CVE-2023-46396

Audimex 15.0.0 is vulnerable to Cross Site Scripting XSS in /audimex/cgi-bin/wal.fcgi via company parameter search filters...

5.4CVSS5.8AI score0.00431EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:57 a.m.3 views

SUSE CVE-2020-15112

In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime...

5.3CVSS7.7AI score0.01256EPSS
Exploits0References11
OSV
OSV
added 2023/02/07 10:59 p.m.37 views

GHSA-P4G4-WGRH-QRG2 Panic due to malformed WALs in go.etcd.io/etcd

Vulnerability type Data Validation Detail The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant tryi...

3.7CVSS6.9AI score0.01291EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2023/02/07 10:59 p.m.50 views

Panic due to malformed WALs in go.etcd.io/etcd

Vulnerability type Data Validation Detail The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant tryi...

6.5CVSS6.8AI score0.01291EPSS
Exploits0References9Affected Software1
Openbugbounty
Openbugbounty
added 2022/11/05 4:22 a.m.9 views

wal-tom.pl Cross Site Scripting vulnerability OBB-3036845

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/10/06 11:3 p.m.29 views

etcd's WAL `ReadAll` method vulnerable to an entry with large index causing panic

Vulnerability type Data Validation Detail In the ReadAll method in wal/wal.go, it is possible to have an entry index greater then the number of entries. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime...

6.5CVSS6.9AI score0.01256EPSS
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/10/06 12:0 a.m.10 views

etcd user credentials are stored in WAL logs in plaintext

The etcd assumes that the on disk files are secure. The possible fixes have been provided, however, it is the responsibility of the etcd users to make sure that the etcd server WAL log files are secure...

3.4AI score
Exploits0References2Affected Software1
OSV
OSV
added 2022/09/22 3:16 p.m.5 views

USN-5628-2 etcd vulnerabilities

USN-5628-1 fixed vulnerabilities in etcd. This update provides the corresponding updates for Ubuntu 18.04 ESM. Original advisory details: It was discovered that etcd incorrectly handled certain specially crafted WAL files. An attacker could possibly use this issue to cause a denial of service...

7.7CVSS7AI score0.01291EPSS
Exploits0References5
OSV
OSV
added 2022/09/22 1:38 p.m.7 views

USN-5628-1 etcd vulnerabilities

It was discovered that etcd incorrectly handled certain specially crafted WAL files. An attacker could possibly use this issue to cause a denial of service. CVE-2020-15106, CVE-2020-15112 It was discovered that etcd incorrectly handled directory permissions when trying to create a directory that...

7.7CVSS6.9AI score0.01291EPSS
Exploits0References5
OSV
OSV
added 2021/09/02 5:17 p.m.32 views

GHSA-VRMR-F2QH-3HHF Improper use of cryptographic key in wal-g

WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...

7.5CVSS7.5AI score0.00834EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2021/09/02 5:17 p.m.39 views

Improper use of cryptographic key in wal-g

WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...

7.5CVSS7.3AI score0.00834EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2021/08/13 2:48 a.m.19 views

Information Disclosure

github.com/wal-g/wal-g is vulnerable to information disclosure. The vulnerability exists when user uses libsodium encryption for their backup files which is not available but are silently processed and uploaded as plaintext...

7.5CVSS1.3AI score0.00834EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2021/08/12 4:15 p.m.15 views

CVE-2021-38599

WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...

7.5CVSS0.00834EPSS
Exploits0References2
Rows per page
Query Builder