908273 matches found
BIT-APACHE-2023-31122 Apache HTTP Server: mod_macro buffer over-read
Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57...
GHSA-36JR-MH4H-2G58 d3-color vulnerable to ReDoS
The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds...
GHSA-5HM8-VH6R-2CJQ CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection
Impact This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect, e.g., XSS control over a subdomain site e.g., https://a.example.com/ of the target site e.g.,...
GHSA-JGJC-332C-8CMC SQL injection in phpMyAdmin
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature...
GO-2023-1623 Out-of-memory panic in github.com/crossplane/crossplane-runtime
An out of memory panic vulnerability exists in the crossplane-runtime libraries. Applications that use the Paved type's SetValue method with user-provided input that is not properly validated might use excessive amounts of memory and cause an out of memory panic. In the fieldpath package, the...
GHSA-7GGW-H8PP-R95R October CMS Session ID not invalidated after logout
Impact When logging out, the session ID was not invalidated. This is not a problem while the user is logged out, but as soon as the user logs back in the old session ID would be valid again; which means that anyone that gained access to the old session cookie would be able to act as the logged in...
PYSEC-2018-28
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network...
DSA-3489-1 lighttpd - security update
Bulletin has no description...
GHSA-HH82-3PMQ-7FRP Netty vulnerable to HTTP Response splitting from assigning header value iterator
Impact When calling DefaultHttpHeaders.set with an iterator of values as opposed to a single given value, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. Patches The necessary validation was added in Netty 4.1.86.Fina...
DSA-5197-1 curl - security update
Bulletin has no description...
MAL-2024-11033 Malicious code in dogwiftools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 072830cdf24f92d02ea5bb6ca4b9c474b7fa3a234ddfb1b98eaaccbc8cc06842 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-41878 Weak password of selenium VNC in MeterSphere
MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers can login to vnc and obtain high...
DLA-3532-1 openssh - security update
Bulletin has no description...
GHSA-CCHQ-FRGV-RJH5 vm2 Sandbox Escape vulnerability
In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code. Impact Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. Patches None. Workarounds...
CVE-2021-44686
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service in htmlpreprocessrules in ebooks/conversion/preprocess.py...
BIT-GITLAB-2024-12431 Missing Authorization in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects...
GHSA-44WR-RMWQ-3PHW Craft CMS vulnerable to Remote Code Execution via validatePath bypass
Summary Bypassing the validatePath function can lead to potential Remote Code Execution Post-authentication, ALLOWADMINCHANGES=true Details In bootstrap.php, the SystemPaths path is set as below. php // Set the vendor path. By default assume that it's 4 levels up from here $vendorPath =...
CVE-2023-28371
In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...
GHSA-HM7P-R324-HHF3 phpseclib Infinite Loop vulnerability
Math/PrimeField.php in phpseclib has an infinite loop with composite primefields. This vulnerability was introduced in version 3.0.0, and has been patched in 3.0.19. The CVE for this issue originally identified the the vulnerable version as 2.x, however, the vulnerable functionality was not...
DSA-5246-1 mediawiki - security update
Bulletin has no description...
GHSA-HRGX-P36P-89Q4 PrestaShop eval injection possible if shop vulnerable to SQL injection
Impact Eval injection possible if the shop is vulnerable to an SQL injection. Patches The problem is fixed in version 1.7.8.7 Workarounds Delete the MySQL Smarty cache feature by removing these lines in the file config/smarty.config.inc.php lines 43-46 PrestaShop 1.7 or 40-43 PrestaShop 1.6: php ...
GHSA-556Q-H4VR-PGH2 CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the method parameter...
GHSA-2F88-5HG8-9X2X Origin Validation Error in Apache Maven
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model pom which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository...
GHSA-XC67-HJX6-CGG6 Installation information leak in Eclipse Jetty
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches...
BIT-GITLAB-2024-1539 Missing Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API...
BIT-GITLAB-2024-13041 Incorrect User Management in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. A...
BIT-POSTGRESQL-2024-10978 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...
RHEA-2014:1175 Red Hat Enhancement Advisory: Release of Satellite 6.0
Bulletin has no description...
GHSA-9HH2-8CW6-HFV7 TYPO3 Cross-Site Scripting vulnerability in the Install Tool
Multiple cross-site scripting XSS vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
GHSA-9279-7HPH-R3XW Buffer Overflow in Apache Mina SSHD
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0...
GHSA-P82G-2XPP-M5R3 Cross-Site Scripting in dojo
Versions of dojo prior to 1.2.0 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize HTML code in user-controlled input, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 1.2.0 or later...
CVE-2017-12615
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...
BIT-SQLITE-2025-6965 Integer Truncation on SQLite
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above...
BIT-GITLAB-2024-3114 Uncontrolled Resource Consumption in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server...
OPENSUSE-SU-2024:11124-1 openssh-8.4p1-7.4 on GA media
These are all security issues fixed in the openssh-8.4p1-7.4 package on the GA media of openSUSE Tumbleweed...
CVE-2024-24756 Crafatar path traversal vulnerability
Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the lib/public/ directory can be requested from the server. Instances running behind Cloudflare including crafatar.com are not affected. Instances using the Docker container as shown in the READ...
GHSA-VV7Q-MFPC-QGM5 Unserialized Pop Chain in Laravel
Withdrawn This advisory has been withdrawn because it is not a security issue and the CVE has been revoked. Original Description Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution RCE via an unserialized pop chain in destruct in...
GHSA-M6CH-GG5F-WXX3 HTTP Proxy header vulnerability
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...
HSEC-2024-0003 process: command injection via argument list on Windows
process: command injection via argument list on Windows The process library on Windows is vulnerable to a command injection vulnerability, via cmd.exe's interpretation of arguments. Programs that invoke batch files .bat, .cmd and pass arguments whose values are affected by program inputs may be...
BIT-POSTGRESQL-2024-10977 PostgreSQL libpq retains an error message from man-in-the-middle
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...
CVE-2023-31122
Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57...
GHSA-RM7J-F5G5-27VV Duplicate Advisory: Denial of Service in JSON-Java
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4jq9-2xhw-jpx7. This link is maintained to preserve external references. Original Description Denial of Service in JSON-Java versions prior to 20230618. A bug in the parser means that an input string of modest...
GHSA-485R-RP8V-998V Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability
Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update thei...
GHSA-29Q6-P2CG-4V23 Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin
Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier allows Pipeline authors to specify file parameters for Pipeline input steps even though they are unsupported. Although the uploaded file is not copied to the workspace, Jenkins archives the file on the controller as part of build metadata...
MAL-2022-873 Malicious code in adsscriptloaderstatic (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5b68c5c565d5e74ccb2314d025daaf561be580a1b406cd797cd5d8f02d13c3c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-7J4H-8WPF-RQFH Missing XML Validation in Apache Xerces2
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment JRE in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...
GHSA-M2C7-42RF-C62F Unrestricted Upload of File with Dangerous Type in motionEye
motionEye = 0.42.1 and motioneEyeOS = 20200606 allow a remote attacker to upload a configuration backup file containing a malicious python pickle file. This is possible when an installation is accessible over the Internet and uses no or poor authentication credentials. The GitHub repositories for...
GHSA-RV39-3QH7-9V7W Improper Input Validation in Spring Framework
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...
CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...
BIT-GITLAB-2025-0652 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2 could allow unauthorized users to access confidential information intended for internal use only...