921352 matches found
GHSA-6FCF-G3MP-XJ2X memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1...
CVE-2024-40725 Apache HTTP Server: source code disclosure with handlers configured via AddType
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...
GHSA-CHFC-9W6M-75RF Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability
Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0. This advisory also provides guidance on what developers can do to update their applicatio...
GO-2024-2882 github.com/huandu/facebook may expose access_token in error message.
github.com/huandu/facebook may expose accesstoken in error message...
GHSA-4W54-WWC9-X62C Silverpeas authentication bypass
Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access...
GHSA-MXHQ-XW3G-RPHC lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Summary The latest version of lobe-chatby now v0.141.2 has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details visit https://chat-preview.lobehub.com/settings/agent you...
RLSA-2024:1688 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTT...
GHSA-MWC7-64WG-PGVJ NiceGUI allows potential access to local file system
NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...
ALSA-2024:1607 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: vmwgfx: NULL pointer dereference in vmwcmddxdefinequery CVE-2022-38096 kernel: Out of boundary write in perfreadgroup as result of overflow a perfevent's readsize CVE-2023-6931 kernel: GS...
BIT-NODE-2020-1971 EDIPARTYNAME NULL pointer dereference
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERALNAMEcmp which compares different instances of a GENERALNAME to see if they are equal or not. This function behaves incorrect...
BIT-GOLANG-2020-16845
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs...
BIT-PHP-2020-7059 OOB read in php_strip_tags_ex
When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...
BIT-POSTGRESQL-2020-25695
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...
BIT-RESOURCESPACE-2021-41765
A SQL injection issue in pages/editfields/9ajax/addkeyword.php of ResourceSpace 9.5 and 9.6 rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user...
BIT-RESOURCESPACE-2021-41950
A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the...
BIT-ENVOY-2023-44487
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
CVE-2023-52428
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...
GHSA-GP3W-2V2M-P686 Vyper's external calls can overflow return data to return input buffer
Summary When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 overlapping with the input buffer. When checking RETURNDATASIZE for dynamic types, the size is compared only to the minimum allowed size for that typ...
GHSA-4MQ2-GC4J-CMW6 Django Template Engine Vulnerable to XSS
Impact Vulnerability Type: Cross-Site Scripting XSS Affected Users: All users of the Django template engine for Fiber prior to the patch. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of...
GHSA-QJ86-P74R-7WP5 Remote code execution/programming rights with configuration section from any user account
Impact Anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki...
ALSA-2023:6667 Moderate: samba security, bug fix, and enhancement update
Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version:...
BIT-2020-2574
Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...
RLSA-2023:5989 Important: varnish security update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rap...
RLSA-2023:5721 Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS...
BIT-2023-42792
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to...
ALSA-2023:5929 Important: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the security issues, including the impact, a CVSS...
ALSA-2023:5713 Moderate: nginx:1.22 security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the securi...
ALSA-2023:5738 Important: go-toolset and golang security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325...
GHSA-Q832-2275-RFQH Subrion CMS XSS in /panel/configuration/financial/
A Cross-site scripting XSS vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...
CVE-2023-4504 OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023...
RLSA-2023:5091 Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: UAF in nftables when nftsetlookupglobal triggered after handling named and anonymous sets in batch requests CVE-2023-3390 kernel:...
CVE-2023-41058 Trigger `beforeFind` not invoked in internal query pipeline in parse-server
Parse Server is an open source backend server. In affected versions the Parse Cloud trigger beforeFind is not invoked in certain conditions of Parse.Query. This can pose a vulnerability for deployments where the beforeFind trigger is used as a security layer to modify the incoming query. The...
GHSA-GPVC-MX6G-CCHV underscore-keypath vulnerable to Prototype Pollution
Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like proto...
GHSA-WHR7-M3F8-MPM8 Grav Server-side Template Injection (SSTI) via Twig Default Filters
Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection SSTI via Twig Default Filters Summary: | Product | Grav CMS | | ----------------------- | --------------------------------------------- | | Vendor | Grav...
GHSA-F55R-8RCV-MQCF Concrete CMS missing secure cookie parameters
Concrete CMS previously concrete5 before 9.2 does not have Secure and HTTP only attributes set for ccmPoll cookies...
GHSA-4QMM-CV4R-QFR4 alextselegidis/easyappointments Session Fixation vulnerability
alextselegidis/easyappointments is vulnerable to session fixation. The application does not generate a new easession cookie after the user authenticates. A malicious user may create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid,...
ALSA-2023:1670 Important: httpd and mod_http2 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP request splitting with modrewrite and modproxy CVE-2023-25690 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
GHSA-5CF8-VRR8-8HJM XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor
Impact Users can deduce the content of the password fields by repeated call to LiveTableResults and WikisLiveTableResultsMacros. Patches The issue is applied on versions 14.7-rc-1, 13.4.4, and 13.10.9. Workarounds The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, and 13.10.9 and...
RLSA-2023:0852 Moderate: httpd:2.4 security and bug fix update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: moddav: out-of-bounds read/write of zero byte CVE-2006-20001 httpd: modproxyajp: Possible request smuggling CVE-2022-36760 httpd: modproxy: HTTP response splitting...
GO-2023-1559 Denial of service via HAMT decoding panic in github.com/ipfs/go-unixfsnode
Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by a bogus fanout parameter in the HAMT directory nodes. There are no known workarounds users are advised to...
GHSA-QRG7-HFX7-95C5 Command injection in Git package in Wrangler
Impact A command injection vulnerability was discovered in Wrangler's Git package affecting versions up to and including v1.0.0. Wrangler's Git package uses the underlying Git binary present in the host OS or container image to execute Git operations. Specially crafted commands can be passed to...
GHSA-V3CG-7R9H-R2G6 Field-level security issue with .keyword fields in OpenSearch
Advisory title: Field-level security issue with .keyword fields Affected versions: OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 Patched versions: OpenSearch 1.3.8 and 2.5.0 Impact: There is an issue in the implementation of field-level security FLS and field masking where rules written to explicitly...
GO-2022-1155 Panic in github.com/ipfs/go-merkledag
A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. Additionally, use of the ProtoNode.SetCidBuilder method to set non-functioning CidBuilder such as one that refers to a multihash where ...
ASB-A-201667614
In multiple locations of MediaProvider.java, there is a possible way to get read/write access to other applications’ dedicated, app-specific directory within external storage due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed...
DLA-3207-1 jackson-databind - security update
Bulletin has no description...
RLSA-2022:8067 Moderate: httpd security, bug fix, and enhancement update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd 2.4.53. BZ2079939 Security Fixes: httpd: modsed: Read/write beyond bounds CVE-2022-23943 httpd: modlua: Use of...
DLA-3164-1 python-django - security update
Bulletin has no description...
RUSTSEC-2022-0091 `tauri` filesystem scope partial bypass
A bug identified in this issue allows a partial filesystem scope bypass if glob characters are used within file dialog or drag-and-drop functionalities. This PR fixes the issue by escaping glob characters...
DLA-3102-1 linux-5.10 - new package
Bulletin has no description...
RUSTSEC-2022-0063 Multiple vulnerabilities resulting in out-of-bounds writes
The heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than 3 sizeof:: because of metadata write operations. When calling Heap::extend with a size smaller than two...