907558 matches found
GHSA-M27M-628V-XXP2 Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors...
GHSA-29GQ-H27W-54QF Jenkins VS Team Services Continuous Deployment Plugin stores credentials in plain text
Jenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
GHSA-8M5H-HRQM-PXM2 Path traversal in the OWASP Enterprise Security API
Impact: The default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire...
GHSA-GCX2-GVJ7-PXV3 Insufficient Protection against HTTP Request Smuggling in mitmproxy
Impact: In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While...
GHSA-FMJ2-7WX8-QJ4V Server-side request forgery (SSRF) in Apache XmlGraphics Commons
Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...
CVE-2022-0392 Heap-based Buffer Overflow in vim/vim
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2...
DLA-2610-1 linux-4.19 - security update
Bulletin has no description...
DSA-1929-1 linux-2.6 - several vulnerabilities
Bulletin has no description...
CGA-F79M-WWXV-M882
Bulletin has no description...
CVE-2024-25107 Cross-Site Scripting in WikiDiscover
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the Language::date function is used when making the human-readable timestamp for inclusion on the wikicreation column. This function uses interface messages to translate the nam...
CVE-2023-45802
When an HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...
GHSA-CQVV-R3G3-26RF free5GC udm vulnerable to Invalid Curve Attack
pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its...
DSA-5461-1 linux - security update
Bulletin has no description...
GHSA-MRWQ-X4V8-FH7P Pygments vulnerable to ReDoS
A ReDoS issue was discovered in pygments/lexers/smithy.py in Pygments until 2.15.0 via SmithyLexer...
CVE-2023-24626
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process...
GHSA-59FH-RJQ3-XQ7J Thinkphp has a code logic error
Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell...
DLA-3201-1 ntfs-3g - security update
Bulletin has no description...
GO-2022-1043 Hardcoded hashed password in github.com/flyteorg/flyteadmin
Default authorization server's configuration settings contain a known hardcoded hashed password. Users who enable auth but do not override this setting may unknowingly allow public traffic in by way of this default password with attackers effectively impersonating propeller...
MAL-2022-5590 Malicious code in rapidjson (npm)
Source: ghsa-malware 1d8cde70e5ebdf9f1f3ca47531c69bd833ee151e87b26e71cab845eba16fdbe4. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-0546
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution...
GHSA-H79X-98R2-G6QC Impersonation of other users (passing XBOX Live authentication) by theft of logins in PocketMine-MP
Impact: Minecraft Bedrock authentication and its protocol encryption are inseparably linked. One is not complete without the other. This vulnerability affects servers which are able to be directly connected to via the internet (i.e. not behind a proxy). If you are using a proxy, please check that it...
GHSA-896R-F27R-55MW json-schema is vulnerable to Prototype Pollution
json-schema before version 0.4.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')...
GHSA-6QMF-FJ6M-686C Open Redirect in Flask-Security-Too
Impact: Flask-Security allows redirects after many successful views (e.g. /login) by honoring the ?next query param. There is code in FS to validate that the URL specified in the next parameter is either relative OR has the same netloc (network location) as the requesting URL. This check utilizes...
GHSA-7XFP-9C55-5VQJ Remote Memory Exposure in request
Affected versions of request will disclose local system memory to remote systems in certain circumstances. When a multipart request is made, and the type of body is number, then a buffer of that size will be allocated and sent to the remote server as the body. Proof of Concept js var request =...
BIT-GITLAB-2024-9596 Inclusion of Sensitive Information in Source Code in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance...
BIT-GITLAB-2024-9623 Incorrect Authorization in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository...
BIT-APACHE-2020-1934
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server...
GHSA-8R3F-844C-MC37 Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
CVE-2023-39955 Notes attachment render HTML in preview mode
Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a...
MGASA-2023-0188 Updated tcpreplay packages fix security vulnerability
An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. CVE-2023-27783 An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function ...
CVE-2022-33741
Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
GHSA-FHC8-H6HR-H9MQ ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713...
PYSEC-2022-48
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to...
CVE-2021-45078
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699...
ASB-A-174904512
In nf_conntrack_helper_q931 of nf_conntrack_h323_main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation...
DLA-2670-1 nginx - security update
Bulletin has no description...
CVE-2020-25681
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overfl...
CVE-2017-0883
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit file...
DLA-139-1 eglibc - security update
Bulletin has no description...
DSA-2639-1 php5 - several vulnerabilities
Bulletin has no description...
GHSA-537C-GMF6-5CCF Vulnerable OpenSSL included in cryptography wheels
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in wheels prior to cryptography 48.01 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20260609.txt. If yo...
OSV-2026-812 Heap-buffer-overflow in ihevcd_fmt_conv_422sp_to_420p
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=516319578 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd_fmt_conv_422sp_to_420p ihevcd_fmt_conv ihevcd_decode...
BIT-MAGENTO-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...
GHSA-CJWG-QFPM-7377 python-jose denial of service via compressed JWE content
python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...
BIT-APACHE-2022-37436 Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...
GHSA-3QJ8-93XH-PWH2 Duplicate Advisory: Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-74m5-2c7w-9w3x. This link is maintained to preserve external references. Original Description: There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated a...
GO-2022-1086 Server-side request forgery via X-Skipper-Proxy in github.com/zalando/skipper
An attacker can access the internal metadata server or other unauthenticated URLs by adding a specific header (X-Skipper-Proxy) to the HTTP request...
GHSA-Q9X4-Q76F-5H5J Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030)
Impact: Sean Wright from Secureworks has discovered an enumeration vulnerability. An attacker can make use of the Harbor API to make unauthenticated calls to the Harbor instance. Based on the HTTP status code in the response, an attacker is then able to work out which resources exist, and which do...
GO-2021-0076 Out-of-bounds write in github.com/evanphx/json-patch
A malicious JSON patch can cause a panic due to an out-of-bounds write attempt. This can be used as a denial of service vector if exposed to arbitrary user input...
ASB-A-155288585
In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation...