π¨ CVE-2022-0352
Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.
π@cveNotify
Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.
π@cveNotify
GitHub
Prevent wrong use of safe statement Β· janeczku/calibre-web@6bf0753
:books: Web app for browsing, reading and downloading eBooks stored in a Calibre database - Prevent wrong use of safe statement Β· janeczku/calibre-web@6bf0753
π¨ CVE-2022-0339
Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.
π@cveNotify
Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.
π@cveNotify
GitHub
Kobo sync token is now also created if accessed from localhost(fixes β¦ Β· janeczku/calibre-web@3b216bf
β¦#1990)
Create kobo sync token button is now "unclicked" after closing dialog
Additional localhost route is catched
If book format is deleted this also deletes the book synced to...
Create kobo sync token button is now "unclicked" after closing dialog
Additional localhost route is catched
If book format is deleted this also deletes the book synced to...
π¨ CVE-2022-0766
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
π@cveNotify
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
π@cveNotify
GitHub
Don't allow redirects on cover uploads, catch more addresses which re⦠· janeczku/calibre-web@965352c
β¦solve to localhost
π¨ CVE-2022-0767
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
π@cveNotify
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
π@cveNotify
GitHub
Don't allow redirects on cover uploads, catch more addresses which re⦠· janeczku/calibre-web@965352c
β¦solve to localhost
π¨ CVE-2022-0405
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
π@cveNotify
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
π@cveNotify
GitHub
Kobo sync token is now also created if accessed from localhost(fixes β¦ Β· janeczku/calibre-web@3b216bf
β¦#1990)
Create kobo sync token button is now "unclicked" after closing dialog
Additional localhost route is catched
If book format is deleted this also deletes the book synced to...
Create kobo sync token button is now "unclicked" after closing dialog
Additional localhost route is catched
If book format is deleted this also deletes the book synced to...
π¨ CVE-2022-0406
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
π@cveNotify
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
π@cveNotify
GitHub
Upates for new release Β· janeczku/calibre-web@e0e0422
:books: Web app for browsing, reading and downloading eBooks stored in a Calibre database - Upates for new release Β· janeczku/calibre-web@e0e0422
π¨ CVE-2022-0939
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
π@cveNotify
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
π@cveNotify
GitHub
Better epub cover parsing with multiple cover-image items Β· janeczku/calibre-web@4545f4a
Code cosmetics
renamed variables
refactored xml page generation
refactored prepare author
renamed variables
refactored xml page generation
refactored prepare author
π¨ CVE-2022-0990
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
π@cveNotify
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
π@cveNotify
GitHub
Better epub cover parsing with multiple cover-image items Β· janeczku/calibre-web@4545f4a
Code cosmetics
renamed variables
refactored xml page generation
refactored prepare author
renamed variables
refactored xml page generation
refactored prepare author
π¨ CVE-2022-2525
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.
π@cveNotify
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.
π@cveNotify
GitHub
** Be careful, after updating, there is no way back ** Β· janeczku/calibre-web@49e4f54
** Please install flask-limiter after updating **
Update Teststatus
Bugfix after merge
Bugfix generate Metadata backup
Update Teststatus
Bugfix after merge
Bugfix generate Metadata backup
π¨ CVE-2023-2106
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.
π@cveNotify
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.
π@cveNotify
GitHub
** Be careful, after updating, there is no way back ** Β· janeczku/calibre-web@49e4f54
** Please install flask-limiter after updating **
Update Teststatus
Bugfix after merge
Bugfix generate Metadata backup
Update Teststatus
Bugfix after merge
Bugfix generate Metadata backup
π¨ CVE-2024-44206
An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions.
π@cveNotify
An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions.
π@cveNotify
Apple Support
About the security content of iOS 17.6 and iPadOS 17.6 - Apple Support
This document describes the security content of iOS 17.6 and iPadOS 17.6.
π¨ CVE-2024-23715
In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2022-31667
Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesnβt have access to.
By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesnβt have access to, it was possible to revoke the robot account permissions.
π@cveNotify
Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesnβt have access to.
By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesnβt have access to, it was possible to revoke the robot account permissions.
π@cveNotify
GitHub
Harbor fails to validate the user permissions when updating a robot account
### Impact
Harbor fails to validate the user permissions when updating a robot account that
belongs to a project that the authenticated user doesnβt have access to. API call:
PUT /robots/{robo...
Harbor fails to validate the user permissions when updating a robot account that
belongs to a project that the authenticated user doesnβt have access to. API call:
PUT /robots/{robo...
π¨ CVE-2022-31668
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.
π@cveNotify
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.
π@cveNotify
GitHub
Harbor fails to validate the user permissions when updating p2p preheat policies
### Impact
Harbor fails to validate the user permissions when updating p2p preheat policies - API call
PUT /projects/{project_name}/preheat/policies/{preheat_policy_name}
By sending a req...
Harbor fails to validate the user permissions when updating p2p preheat policies - API call
PUT /projects/{project_name}/preheat/policies/{preheat_policy_name}
By sending a req...
π¨ CVE-2022-31669
Harbor fails to validate the user permissions when updating tag immutability policies.
By sending a request to update a tag immutability policy with an id that belongs to a
project that the currently authenticated user doesnβt have access to, the attacker could
modify tag immutability policies configured in other projects.
π@cveNotify
Harbor fails to validate the user permissions when updating tag immutability policies.
By sending a request to update a tag immutability policy with an id that belongs to a
project that the currently authenticated user doesnβt have access to, the attacker could
modify tag immutability policies configured in other projects.
π@cveNotify
GitHub
Harbor fails to validate the user permissions when updating tag immutability policies
### Impact
Harbor fails to validate the user permissions when updating tag immutability policies - API call:
PUT /projects/{project_name_or_id}/immutabletagrules/{immutable_rule_id}
By sen...
Harbor fails to validate the user permissions when updating tag immutability policies - API call:
PUT /projects/{project_name_or_id}/immutabletagrules/{immutable_rule_id}
By sen...
π¨ CVE-2022-31670
Harbor fails to validate the user permissions when updating tag retention policies.
By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesnβt have access to, the attacker could modify
tag retention policies configured in other projects.
π@cveNotify
Harbor fails to validate the user permissions when updating tag retention policies.
By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesnβt have access to, the attacker could modify
tag retention policies configured in other projects.
π@cveNotify
GitHub
Harbor fails to validate the user permissions when updating tag retention policies
### Impact
Harbor fails to validate the user permissions when updating tag retention policies. API call:
PUT /retentions/{id}
By sending a request to update a tag retention policy with an...
Harbor fails to validate the user permissions when updating tag retention policies. API call:
PUT /retentions/{id}
By sending a request to update a tag retention policy with an...
π¨ CVE-2021-3991
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.
π@cveNotify
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.
π@cveNotify
GitHub
Debug permission on supplier order. Β· Dolibarr/dolibarr@63cd063
Fix #huntr58ddbd8a-0faf-4b3f-aec9-5850bb19ab67