907650 matches found
GHSA-XXX9-3XCR-GJJ3 XML Injection in Xerces Java affects Nokogiri
Summary Nokogiri v1.13.4 updates the vendored xerces:xercesImpl from 2.12.0 to 2.12.2, which addresses CVE-2022-23437. That CVE is scored as CVSS 6.5 "Medium" on the NVD record. Please note that this advisory only applies to the JRuby implementation of Nokogiri < v1.13.4. Impact CVE-2022-23437 in...
CVE-2020-27511
An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDoS) through stripping crafted HTML tags...
ASB-A-140256621
In generatePackageInfo of PackageManagerService.java, there is a possible permissions bypass due to an incorrect permission check. This could lead to local escalation of privilege that allows instant apps access to permissions not allowed for instant apps, with no additional execution privileges...
BIT-GITLAB-2024-7554 Exposure of Sensitive Information to an Unauthorized Actor in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specif...
BIT-GITLAB-2024-7610 Uncontrolled Resource Consumption in GitLab
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch...
GO-2024-3023 Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server...
CVE-2024-24752 Bref Uploaded Files Not Deleted in Event-Driven Functions
Bref enables serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR-7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each whic...
PYSEC-2022-217
The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...
GHSA-GWFG-CQMG-CF8F WEBRick vulnerable to HTTP Request/Response Smuggling
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...
GHSA-C3H9-896R-86JM Improper Input Validation in GoGo Protobuf
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue...
GHSA-MR6H-CHQP-P9G2 SQL Injection in gogs.io/gogs
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs aka Go Git Service 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues...
GHSA-V73W-R9XG-7CR9 Use of insecure jQuery version in OctoberCMS
Impact Passing HTML from untrusted sources (even after sanitizing it) to one of jQuery's DOM manipulation methods (i.e., .html(), .append(), and others) may execute untrusted code. Patches Issue has been patched in Build 466 (v1.0.466) by applying the recommended patch from @jquery. Workarounds Apply...
MAL-2025-36856 Malicious code in thunder-iris-jur448-project (npm)
The package thunder-iris-jur448-project was found to contain malicious code...
BIT-GITLAB-2023-6195 Server-Side Request Forgery (SSRF) in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image...
CVE-2022-44640
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC)...
GHSA-52VJ-MR2J-F8JH Server-Side Template Injection in formio
A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandboxed and on...
GHSA-M2H2-264F-F486 angular vulnerable to regular expression denial of service (ReDoS)
AngularJS lets users write client-side web applications. The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBER_FORMATS.PATTERNS[1].posPre with a very...
DSA-5127-1 linux - security update
Bulletin has no description...
GHSA-H58V-G3Q6-Q9FX Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu
Impact What kind of vulnerability is it? Who is impacted? It is an issue when HTML is input into the tag name. The HTML is executed when the tag name is listed in the auto-complete form. Only admin users are affected and only admin users can create tags. Patches Has the problem been patched? What...
GHSA-VPVM-3WQ2-2WVM Opencontainers runc Incorrect Authorization vulnerability
runc 1.0.0-rc95 through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue...
DSA-5022-1 apache-log4j2 - security update
Bulletin has no description...
GHSA-64X2-GQ24-75PV Cross-site scripting in Apache CXF
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This...
BIT-APACHE-2020-35452 mod_auth_digest possible stack overflow by one nul byte
Apache HTTP Server versions 2.4.0 to 2.4.46: a specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor could the Apache HTTP Server team create one, though some particular compiler and/or compilation option might make i...
CVE-2022-26691
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges...
GSD-2022-1000204 PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
PCI: pciehp: Fix infinite loop in IRQ handler upon power fault. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.97 by commit...
GHSA-3QPM-H9CH-PX3C Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Summary The version used of Log4j, the library used for logging by PowerNukkit, is subject to a remote code execution vulnerability via the ldap JNDI parser. It's well detailed at CVE-2021-44228 and CVE-2021-45105 (https://github.com/advisories/GHSA-p6xc-xr62-6r2g). Impact Malicious client code coul...
GHSA-8Q59-Q68H-6HV4 Improper Input Validation in PyYAML
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be...
CVE-2018-7889
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
DSA-2627-1 nginx - information leak
Bulletin has no description...
CVE-2025-43903
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries...
DLA-3973-1 redis - security update
Bulletin has no description...
GO-2024-2687 HTTP/2 CONTINUATION flood in net/http
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
GHSA-RJ98-CRF4-G69W pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
pgAdmin prior to version 8.4 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is...
MAL-2022-2944 Malicious code in extraneous-detected (npm)
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PYSEC-2021-857
Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy 1.19, which allows attackers to conduct Denial of Service attacks by carefully constructing an array with negative values...
CVE-2024-24819 icingaweb2-module-incubator base implementation for HTML forms is susceptible to CSRF
icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class gipfl\Web\Form is the base for various concrete form implementations and provides protection against cross site request forgery (CSRF) by default. This is done by automatically...
GHSA-6M9F-PJ6W-W87G Rancher Webhook is misconfigured during upgrade process
Impact A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. When the Webhook is operating in a degraded state, it no...
RUSTSEC-2021-0056 CA certificate check bypass with X509_V_FLAG_X509_STRICT
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...
BIT-GITLAB-2024-6324 Inefficient Algorithmic Complexity in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epics...
ASB-A-343727534
In dst_negative_advice of sock.h, there is a possible failure to clear sk->sk_dst_cache in the correct order resulting in a use after free. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-24573 facileManager Privilege Escalation via Mass Assignment
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...
CVE-2022-30699
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue...
ASB-A-141745510
In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-2867 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized...
BIT-GITLAB-2024-8180 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled...
GHSA-G3CH-RX76-35FX vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code...
BIT-PYTHON-2022-42919
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network...
BIT-APACHE-2020-13938 Improper Handling of Insufficient Privileges
Apache HTTP Server versions 2.4.0 to 2.4.46: unprivileged local users can stop httpd on Windows...
BIT-APACHE-2023-31122 Apache HTTP Server: mod_macro buffer over-read
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57...
GHSA-5HM8-VH6R-2CJQ CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection
Impact This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect (e.g., XSS) control over a subdomain site (e.g., https://a.example.com/) of the target site (e.g.,...