911094 matches found
BIT-GITLAB-2024-6324 Inefficient Algorithmic Complexity in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epics...
BIT-GITLAB-2024-8180 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled...
GHSA-36JR-MH4H-2G58 d3-color vulnerable to ReDoS
The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds...
CVE-2022-30699
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue...
ASB-A-141745510
In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for exploitation...
GHSA-J965-2QGJ-VJMQ JavaScript SDK v2 users should add validation to the region parameter value in or migrate to v3
CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. Per the AWS shared responsibilit...
CVE-2025-2867 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized...
GHSA-G3CH-RX76-35FX vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code...
BIT-PYTHON-2022-42919
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network...
BIT-APACHE-2020-13938 Improper Handling of Insufficient Privileges
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows...
BIT-APACHE-2023-31122 Apache HTTP Server: mod_macro buffer over-read
Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57...
GHSA-5HM8-VH6R-2CJQ CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection
Impact This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect, e.g., XSS control over a subdomain site e.g., https://a.example.com/ of the target site e.g.,...
DSA-5197-1 curl - security update
Bulletin has no description...
GHSA-JGJC-332C-8CMC SQL injection in phpMyAdmin
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature...
DSA-3489-1 lighttpd - security update
Bulletin has no description...
GHSA-5P75-VC5G-8RV2 SvelteKit vulnerable to Cross-Site Request Forgery
Summary The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to it’s users. The protection i...
GO-2023-1623 Out-of-memory panic in github.com/crossplane/crossplane-runtime
An out of memory panic vulnerability exists in the crossplane-runtime libraries. Applications that use the Paved type's SetValue method with user-provided input that is not properly validated might use excessive amounts of memory and cause an out of memory panic. In the fieldpath package, the...
GHSA-7GGW-H8PP-R95R October CMS Session ID not invalidated after logout
Impact When logging out, the session ID was not invalidated. This is not a problem while the user is logged out, but as soon as the user logs back in the old session ID would be valid again; which means that anyone that gained access to the old session cookie would be able to act as the logged in...
PYSEC-2018-28
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network...
GHSA-44WR-RMWQ-3PHW Craft CMS vulnerable to Remote Code Execution via validatePath bypass
Summary Bypassing the validatePath function can lead to potential Remote Code Execution Post-authentication, ALLOWADMINCHANGES=true Details In bootstrap.php, the SystemPaths path is set as below. php // Set the vendor path. By default assume that it's 4 levels up from here $vendorPath =...
DLA-3532-1 openssh - security update
Bulletin has no description...
GHSA-HH82-3PMQ-7FRP Netty vulnerable to HTTP Response splitting from assigning header value iterator
Impact When calling DefaultHttpHeaders.set with an iterator of values as opposed to a single given value, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. Patches The necessary validation was added in Netty 4.1.86.Fina...
MAL-2024-11033 Malicious code in dogwiftools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 072830cdf24f92d02ea5bb6ca4b9c474b7fa3a234ddfb1b98eaaccbc8cc06842 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
BIT-2023-46288
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0.Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuratio...
CVE-2023-41878 Weak password of selenium VNC in MeterSphere
MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers can login to vnc and obtain high...
GHSA-CCHQ-FRGV-RJH5 vm2 Sandbox Escape vulnerability
In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code. Impact Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. Patches None. Workarounds...
CVE-2023-28371
In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...
DSA-5246-1 mediawiki - security update
Bulletin has no description...
GHSA-PVR5-84GR-G985 phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name, related to the...
CVE-2021-44686
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service in htmlpreprocessrules in ebooks/conversion/preprocess.py...
BIT-GITLAB-2024-12431 Missing Authorization in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects...
GHSA-HM7P-R324-HHF3 phpseclib Infinite Loop vulnerability
Math/PrimeField.php in phpseclib has an infinite loop with composite primefields. This vulnerability was introduced in version 3.0.0, and has been patched in 3.0.19. The CVE for this issue originally identified the the vulnerable version as 2.x, however, the vulnerable functionality was not...
GHSA-HRGX-P36P-89Q4 PrestaShop eval injection possible if shop vulnerable to SQL injection
Impact Eval injection possible if the shop is vulnerable to an SQL injection. Patches The problem is fixed in version 1.7.8.7 Workarounds Delete the MySQL Smarty cache feature by removing these lines in the file config/smarty.config.inc.php lines 43-46 PrestaShop 1.7 or 40-43 PrestaShop 1.6: php ...
GHSA-556Q-H4VR-PGH2 CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the method parameter...
GHSA-M2C7-42RF-C62F Unrestricted Upload of File with Dangerous Type in motionEye
motionEye = 0.42.1 and motioneEyeOS = 20200606 allow a remote attacker to upload a configuration backup file containing a malicious python pickle file. This is possible when an installation is accessible over the Internet and uses no or poor authentication credentials. The GitHub repositories for...
GHSA-9279-7HPH-R3XW Buffer Overflow in Apache Mina SSHD
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0...
GHSA-2F88-5HG8-9X2X Origin Validation Error in Apache Maven
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model pom which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository...
GHSA-XC67-HJX6-CGG6 Installation information leak in Eclipse Jetty
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches...
CVE-2017-12615
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...
BIT-SQLITE-2025-6965 Integer Truncation on SQLite
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above...
BIT-GITLAB-2024-1539 Missing Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API...
BIT-GITLAB-2024-13041 Incorrect User Management in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. A...
BIT-POSTGRESQL-2024-10978 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...
RHEA-2014:1175 Red Hat Enhancement Advisory: Release of Satellite 6.0
Bulletin has no description...
BIT-GIT-2024-32002 Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory...
GHSA-9HH2-8CW6-HFV7 TYPO3 Cross-Site Scripting vulnerability in the Install Tool
Multiple cross-site scripting XSS vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
GHSA-P82G-2XPP-M5R3 Cross-Site Scripting in dojo
Versions of dojo prior to 1.2.0 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize HTML code in user-controlled input, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 1.2.0 or later...
BIT-GITLAB-2024-3114 Uncontrolled Resource Consumption in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server...
OPENSUSE-SU-2024:11124-1 openssh-8.4p1-7.4 on GA media
These are all security issues fixed in the openssh-8.4p1-7.4 package on the GA media of openSUSE Tumbleweed...
CVE-2024-24756 Crafatar path traversal vulnerability
Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the lib/public/ directory can be requested from the server. Instances running behind Cloudflare including crafatar.com are not affected. Instances using the Docker container as shown in the READ...