907635 matches found
GO-2023-2022 Netmaker has Hardcoded DNS Secret Key in github.com/gravitl/netmaker
Netmaker has Hardcoded DNS Secret Key in github.com/gravitl/netmaker...
GO-2024-3055 gotortc Cross-site Scripting vulnerability in github.com/AlexxIT/go2rtc
gotortc Cross-site Scripting vulnerability in github.com/AlexxIT/go2rtc...
GHSA-9794-PC4R-438W Local File Inclusion in Solara
A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...
BELL-CVE-2024-39894
Bulletin has no description...
BIT-APACHE-2024-38474 Apache HTTP Server weakness with encoded question marks in backreferences
Substitution encoding issue in modrewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to...
CVE-2024-38474
Substitution encoding issue in modrewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to...
ASB-A-316153291
In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITESECURESETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
ALSA-2024:3166 Moderate: openssh security update
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: scp allows command injection when using backtick characters in the destination...
GHSA-3999-5FFV-WP2R Yamux Memory Exhaustion Vulnerability via Active::pending_frames property
Summary Attack scenario The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this frame gets appended to this vector. This can be remotely triggered in a numbe...
ALSA-2024:2447 Low: openssl and openssl-fips-provider security update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entri...
ALSA-2024:2135 Moderate: qemu-kvm security update
Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: QEMU: e1000e: heap use-after-free in e1000ewritepackettoguest CVE-2023-3019...
CVE-2024-24795
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue...
GHSA-5JPM-X58V-624V Netty's HttpPostRequestDecoder can OOM
Summary The HttpPostRequestDecoder can be tricked to accumulate data. I have spotted currently two attack vectors Details 1. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consistin...
ALSA-2024:1444 Important: nodejs:16 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 nodejs: HTTP/2: Multiple HTTP/2 enabled...
GO-2024-2614 Password brute force attack in github.com/IceWhaleTech/CasaOS-UserService
The CasaOS web application does not have protection against password brute force attacks. An attacker can use a password brute force attack to find and gain full access to the server. This vulnerability allows attackers to get super user-level access over the server...
BIT-PYTHON-2020-8315
In Python CPython 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected...
BIT-PYTHON-2022-48565
An XML External Entity XXE issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...
BIT-ELASTICSEARCH-2023-31417 Elasticsearch Insertion of sensitive information in audit logs
Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords...
CVE-2024-25678
In LiteSpeed QUIC LSQUIC Library before 4.0.4, DCID validation is mishandled...
CVE-2023-51839
DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm...
GHSA-HCVP-2CC7-JRWR changedetection.io API endpoint is not secured with API token
Summary API endpoint /api/v1/watch//history can be accessed by any unauthorized user. Details WatchHistory resource does not have @auth.checktoken annotation, which means it can be accessed without providing x-api-key header...
CVE-2023-50447
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...
CVE-2023-51765
sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...
CVE-2023-49805 Uptime Kuma Missing Origin Validation in WebSockets
Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket with Socket.io, but it does not verify that the source of communication is valid. This allows third-party website to access the application on behalf of their client. When connecting...
GHSA-62PR-QQF7-HH89 XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest
Impact XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document XWiki.AdminSheet by default, everyone including unauthenticated users to execute code including Groovy code. This...
ALSA-2023:6324 Moderate: python3.11-pip security update
pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index PyPI. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Security Fixes: python: tarfile...
ALSA-2023:5765 Important: nodejs security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 A AlmaLinux Security Bulleti...
ALSA-2023:5710 Important: dotnet6.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23...
GHSA-FR44-546P-7XCP MsQuic Remote Denial of Service Vulnerability
Impact The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service. Patches The following patch was made: - Fix Memory Leak from Multiple Decodes of TP - https://github.com/microsoft/msquic/commit/d364feeda0dd8b729eca6fef149c1ef98630f0cb Workarounds...
DLA-3606-1 freerdp2 - security update
Bulletin has no description...
RLSA-2023:4517 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free in l2capconnect and l2capleconnectreq in net/bluetooth/l2capcore.c CVE-2022-42896 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows...
GHSA-QJ8W-RV5X-2V9H Duplicate Advisory: Starlette vulnerable to directory traversal
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-v5gw-mw7f-84px. This link is maintained to preserve external references. Original Description Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote...
CVE-2023-28322
An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...
DLA-3389-1 lldpd - security update
Bulletin has no description...
ASB-A-231985227
In factoryReset of WifiServiceImpl.java, there is a possible way to preserve WiFi settings due to a logic error in the code. This could lead to local non-security issues across resets with no additional execution privileges needed. User interaction is not needed for exploitation...
DLA-3288-1 curl - security update
Bulletin has no description...
GHSA-HRM3-3XM6-X33H golang-nanoauth authentication bypass vulnerability
Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token...
CVE-2022-45442 Sinatra vulnerable to Reflected File Download attack
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a response when the filename is...
RLSA-2022:7110 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A use-after-free in clsroute filter implementation may lead to privilege escalation CVE-2022-2588 Information leak in scsiioctl CVE-2022-0494 A kernel-info-leak issue in pfkeyregister CVE-2022-13...
GHSA-VH7G-P26C-J2CW Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Impact Dex instances with public clients and by extension, clients accepting tokens issued by those Dex instances are affected by this vulnerability. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the...
PYSEC-2022-267
OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. A remote attacke...
GO-2022-0475 Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo
The go command may execute arbitrary code at build time when cgo is in use. This may occur when running go get on a malicious package, or any other command that builds untrusted code. This can be caused by malicious unquoted symbol name in a linked object file...
CVE-2022-2097
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
DLA-3065-1 linux - security update
Bulletin has no description...
MAL-2022-2047 Malicious code in com.outsystems.plugins.fileviewer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 68e48c3e2dce6b01b3a80e3284dea055908e7c232a4f9fa11407fd851f4c0ecc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-3R95-23JP-MHVG Cross-Site Scripting in TYPO3's Form Framework
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 4.9 Problem It has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this...
CVE-2022-30556
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread that point past the end of the storage allocated for the buffer...
GHSA-6XJ9-HPQ3-W3QW Code injection in MCMS
An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file...
GHSA-RRMF-FPMM-JPWR ViMbAdmin CSRF Vulnerabilities
Multiple cross-site request forgery CSRF vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to 1. add an administrator user via a crafted POST request to...
GHSA-P5F9-C9J9-G8QX Shell command injection in gitea
Gitea before 1.16.7 does not escape the shell out for git fetch remote allowing for shell command injection...