366254 matches found
CVE-2024-23672 Apache Tomcat: WebSocket DoS with incomplete closing handshake
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from...
CVE-2024-22100 MicroDicom DICOM Heap-based Buffer Overflow
MicroDicom DICOM Viewer versions 2023.3 Build 9342 and prior are affected by a heap-based buffer overflow vulnerability, which could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. A user must open a malicious DCM file in order to exploit the vulnerability...
CVE-2024-1346 Weak MySQL database root password in LaborOfficeFree
Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants...
CVE-2023-6152
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verifyemailenabled" will only validate email only on sign up...
CVE-2023-5679 Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution
A bad interaction between DNS64 and serve-stale may cause named to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through...
CVE-2023-6231
Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and...
CVE-2024-24680
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings...
CVE-2024-22193 vantage6 unencrypted task can be created in encrypted collaboration
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a tas...
CVE-2024-23656 Dex 2.37.0 is discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. cmd/dex/serve.go line 425 seemingly sets TLS 1.2 as minimum version, but the whole tlsConfig is ignored after TLS cert reloader was introduced in...
CVE-2024-21641 Flarum's Logout Route allows open redirects
Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be...
CVE-2023-50714 The Oauth2 PKCE implementation is vulnerable
yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth2 PKCE implementation is vulnerable in 2 ways. First, the authCodeVerifier should be removed after usage similar to authStat...
CVE-2023-49797 Local Privilege Escalation in pyinstaller on Windows
PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if...
CVE-2023-42364
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function...
CVE-2023-22392 Junos OS: PTX Series and QFX10000 Series: Received flow-routes which aren't installed as the hardware doesn't support them, lead to an FPC heap memory leak
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service DoS. PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 wit...
CVE-2023-45648 Apache Tomcat: Trailer header parsing too lenient
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomca...
CVE-2023-43651 Remote code execution on the host system via MongoDB shell in jumpserver
JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provid...
CVE-2023-41037 Cleartext Signed Message Signature Spoofing in openpgpjs
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorit...
CVE-2023-36344
An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature...
CVE-2023-36830 SQLFluff vulnerability for users with access to config file, using `library_path` to call arbitrary python code.
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...
CVE-2023-36053
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a very large number of domain name labels of emails and URLs...
CVE-2023-34239 Unfiltered paths in gradio
Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in...
CVE-2023-3096 KylinSoft kylin-software-properties changedSource access control
A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the...
CVE-2023-23956
A user can supply malicious HTML and JavaScript code that will be executed in the client browser...
CVE-2023-30470
A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Herme...
CVE-2023-28128
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution...
CVE-2022-40302
An issue was discovered in bgpd in FRRouting FRR through 8.4. By crafting a BGP OPEN message with an option of type 0xff Extended Length from RFC 9072, attackers may cause a denial of service assertion failure and daemon restart, or out-of-bounds read. This is possible because of inconsistent...
CVE-2023-31285
An XSS issue was discovered in Serenity Serene and StartSharp before 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload .html or .htm files containing an XSS payload. The resulting link can be sent to an administrator user...
CVE-2023-27351
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper...
CVE-2023-30797 Insecure Random Generation in Netflix Lemur
Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur...
CVE-2023-29515 Cross-site scripting (XSS) in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can ...
CVE-2023-24927 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
...
CVE-2023-28647 App pin of the iOS app can be bypassed in Nextcloud iOS
Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. In versions prior to 4.7.0 when an attacker has physical access to an unlocked device, they may enable the integration into the iOS Files app and bypass the Nextcloud pin/password protection and gain...
CVE-2023-26497
An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5125. Memory corruption can occur when processing Session Description Negotiation for Video Configuration Attribute...
CVE-2023-27598 OpenSIPS has vulnerability in the parse_via() function
OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed Via header to OpenSIPS triggers a segmentation fault when the function calctagsuffix is called. A specially crafted Via header, which is deemed correct by the parser, will...
CVE-2022-3736 named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries
BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and...
CVE-2023-0315 Command Injection in froxlor/froxlor
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8...
CVE-2023-23589
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002...
CVE-2022-3805 Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...
CVE-2022-39368 Californium Failing DTLS handshakes causes Data Loss due to throttling blocking processing of records
Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't cleanup counters for throttling, causing the threshold to be reached...
CVE-2022-35984 `CHECK` fail in `ParameterizedTruncatedNormal` in TensorFlow
TensorFlow is an open source platform for machine learning. ParameterizedTruncatedNormal assumes shape is of type int32. A valid shape of type int64 results in a mismatched type CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
CVE-2022-33632 Microsoft Office Security Feature Bypass Vulnerability
...
CVE-2015-20107
In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...
CVE-2022-24787 Incorrect Comparison in Vyper
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...
CVE-2022-24778 Incorrect Authorization in imgcrypt
The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function CheckAuthorization is supposed to check whether the current used is...
CVE-2022-24768 Improper access control allows admin privilege escalation in Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Versions starting with 0.8.0 and 0.5...
CVE-2021-44226
Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there...
CVE-2021-45421
Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced...
CVE-2021-46669
MariaDB through 10.5.9 allows attackers to trigger a convertconsttoint use-after-free when the BIGINT data type is used...
CVE-2021-20318
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...
CVE-2021-24931 Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an SQL injection...