CVE-2022-48740
In the Linux kernel, the following vulnerability has been resolved:
selinux: fix double free of cond_list on error paths
On the error path from cond_read_list() and duplicate_policydb_cond_list(),
cond_list_destroy() gets called a second time in the caller functions,
resulting in a NULL pointer deref. Fix this by resetting
cond_list_len to 0 in cond_list_destroy(), making subsequent calls a
no-op.
Also consistently reset the cond_list pointer to NULL after freeing.
[PM: fix line lengths in the description]
@cveNotify
CVE-2024-46632
Assimp v5.4.3 is vulnerable to a buffer overflow in the MD5Importer::LoadMD5MeshFile function.
GitHub: Bug: Heap Buffer Overflow in the `MD5Importer::LoadMD5MeshFile` · Issue #5771 · assimp/assimp
Affected Projects: assimp v5.4.3 (https://github.com/assimp/assimp). Problem Type: CWE-122: Heap-based Buffer Overflow. Description: There is a heap-buffer-overflow vulnerability in the ...
CVE-2025-3045
A vulnerability classified as critical was found in oretnom23/SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown function of the file /remove-apartment.php. Manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
GitHub: SQL/SQL2.md at main · byxs0x0/SQL
CVE-2024-47378
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCOM WPCOM Member allows Reflected XSS. This issue affects WPCOM Member: from n/a through 1.5.4.
CVE-2022-28802
Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's account, but was supposed to enforce role-based access control within that company's account. Before 2022-08-17, a customer could have resolved this by (in effect) using a separate virtual machine for an application that held credentials - or other secrets - that weren't supposed to be shared among all of its employees. (Multiple accounts would have been needed to operate these independent virtual machines.)
CVE-2022-28979
Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field.
CVE-2022-32807
This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary files.
Apple Support: About the security content of Security Update 2022-005 Catalina
CVE-2022-32832
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.
Apple Support: About the security content of watchOS 8.7
CVE-2022-32843
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted PostScript file may result in unexpected app termination or disclosure of process memory.
Apple Support: About the security content of Security Update 2022-005 Catalina
CVE-2022-28721
Certain HP Print Products are potentially vulnerable to Remote Code Execution.
CVE-2024-6843
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins.
WPScan: SmartSearch WP <= 2.4.4 - Unauthenticated Stored XSS (CVE-2024-6843)
CVE-2024-6847
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users when submitting messages to the chatbot.
WPScan: SmartSearch WP <= 2.4.4 - Unauthenticated SQLi (CVE-2024-6847)
CVE-2024-48655
An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file.
GitHub: Server Side JavaScript Code Injection Vulnerability was detected for func.js · Issue #49 · totaljs/cms
Description: We have identified a Server-Side JavaScript Code Injection vulnerability in total.js Content Management System, specifically in func.js file. Server-side code injection vulnerabilities ...
CVE-2024-48191
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17
GitHub: cms/5/readme.md at main · xiaoyin0226/cms
CVE-2024-48291
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17
GitHub: cms/4/readme.md at main · Gxxxxxxxxxxxxxxxxxx/cms
CVE-2024-42835
langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.
GitHub: Code Execution vulnerability with tool PythonCodeTool · Issue #2908 · langflow-ai/langflow
Bug Description: When composing an LLM app with langflow, PythonCodeTool is available to developers to implement a tool with StructuredTool in langchain. However, there is a lack of validation for the...
CVE-2021-21353
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. This is fixed in version 3.0.1. This advisory applies to multiple pug packages including "pug", "pug-code-gen". pug-code-gen has a backported fix at version 2.0.3. This advisory is not exploitable if there is no way for un-trusted input to be passed to pug as the `pretty` option, e.g. if you compile templates in advance before applying user input to them, you do not need to upgrade.
GitHub: fix: sanitise and escape the `pretty` option (#3314) · pugjs/pug@991e78f
CVE-2022-31022
Bleve is a text indexing library for Go. Bleve includes HTTP utilities under the bleve/http package that are used by its sample application. These HTTP handlers open the way to exploitation of the filesystem of the node where the bleve index resides, if the user has exposed access to the indexes through bleve's own HTTP (bleve/http) handlers. For instance, CreateIndexHandler (`http/index_create.go`) and DeleteIndexHandler (`http/index_delete.go`) enable an attacker to create a bleve index (a directory structure) anywhere the user running the server has write permission, and to recursively delete any directory owned by the same user account. Users who have used the bleve/http package to expose access to a bleve index without explicit handling of role-based access control (RBAC) for the index assets are affected by this issue. Version 2.5.0 relocated the `http/` directory, used _only_ by bleve-explorer, to `blevesearch/bleve-explorer`, thereby addressing the issue. However, the http package is purely intended for demonstration purposes. Bleve was never designed to handle RBAC, nor was it ever advertised to be used that way. The collaborators of this project have decided to stay away from adding any authentication or authorization to the bleve project at the moment. The bleve/http package is mainly for demonstration purposes and lacks exhaustive validation of user inputs as well as any authentication and authorization measures. It is recommended not to use bleve/http in production.
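As an added illustration, not code from the bleve project and written in Python rather than Go, the sketch below shows the two ways a client-supplied index name walks out of the data directory when it is joined onto a path unchecked, and the containment check a create or delete handler needs before it touches anything. The root directory, the function names and the injectable remover are assumptions for the example. It does not add the authentication the advisory says the package also lacks; it only narrows what a caller can create or remove.

```python
"""Added example (Python illustration, not the bleve Go package): turning an
HTTP-supplied index name into a filesystem path safely.

Assumptions for this demo: INDEX_ROOT is the data directory; the handler and
helper names are invented; remover is injectable so nothing touches disk."""
import posixpath
import re
import shutil

INDEX_ROOT = "/srv/bleve/indexes"  # assumed data directory (absolute, normalised)

# An index name is an identifier, not a path: exactly one segment, no
# separators, and it cannot start with '.' so '.', '..' and hidden dirs are out.
INDEX_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


def index_dir_unchecked(index_name):
    """The shape of the bug: untrusted input joined straight onto the root.
    An absolute name replaces the root entirely; '..' segments walk out of it."""
    return posixpath.normpath(posixpath.join(INDEX_ROOT, index_name))


def index_dir(index_name):
    """Resolve index_name to a directory directly under INDEX_ROOT, or raise."""
    if not isinstance(index_name, str) or INDEX_NAME.fullmatch(index_name) is None:
        raise ValueError("invalid index name: %r" % (index_name,))
    candidate = posixpath.normpath(posixpath.join(INDEX_ROOT, index_name))
    # Independent second check: after normalisation the parent must still be the root.
    # On a real filesystem also compare os.path.realpath() of both sides so a
    # symlink planted under the root cannot redirect a later rmtree.
    if posixpath.dirname(candidate) != INDEX_ROOT:
        raise ValueError("index name escapes the index root: %r" % (index_name,))
    return candidate


def delete_index(index_name, remover=shutil.rmtree):
    """A delete handler that can only ever remove a directory under INDEX_ROOT."""
    target = index_dir(index_name)
    remover(target)
    return target


def is_contained(index_name):
    """True if index_name resolves inside INDEX_ROOT, False if it is rejected."""
    try:
        index_dir(index_name)
        return True
    except ValueError:
        return False


def delete_index_dry_run(index_name):
    """Run delete_index with a recording remover; returns the paths it would remove."""
    removed = []
    delete_index(index_name, remover=removed.append)
    return removed


if __name__ == "__main__":
    for name in ("products", "../../home/deploy", "/home/deploy", "a/b"):
        print("%-20r unchecked=%-28s contained=%s"
              % (name, index_dir_unchecked(name), is_contained(name)))
```

The allowlist regex does the real work; the `dirname` comparison is a second, independent line of defence so that a later change to the regex cannot silently reopen the traversal.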
GitHub: Link security advisory to README (#1694) · blevesearch/bleve@1c7509d
CVE-2021-43310
A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution.
GitHub: Keylime: malicious reset or replay of U and V encryption
Impact: This vulnerability allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. These new keys will break attestati...
CVE-2022-23949
In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar.
GitHub: Validate user ID in all public interfaces · keylime/keylime@387e320
The user ID is read from the config file, or from some public REST API.
We should validate that it is composed of a valid set of chars.
Signed-off-by: Alberto Planas <aplanas@suse.com>
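Added example, not Keylime's code: what an unsanitized agent id does to a registrar log line, and a validator that accepts only the canonical textual UUID form, which is one concrete reading of the "valid set of chars" the commit asks for. The log format, the helper names and both identifiers are constructed for this demonstration.

```python
"""Added example (not Keylime's code): log spoofing through an unsanitized
agent id, and a validator that only accepts a canonical UUID.
The log format, helper names and identifiers are constructed for the demo."""
import re

# Canonical textual UUID only: 8-4-4-4-12 hex. Deliberately not uuid.UUID(),
# which also tolerates braces, a "urn:uuid:" prefix and hyphen-less forms.
CANONICAL_UUID = re.compile(r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")


def validate_agent_id(value):
    """Return the agent id lower-cased, or raise ValueError.
    fullmatch() means nothing (newline, NUL, ANSI escape) can ride along."""
    if not isinstance(value, str) or CANONICAL_UUID.fullmatch(value) is None:
        raise ValueError("agent_id is not a canonical UUID: %r" % (value,))
    return value.lower()


def is_valid_agent_id(value):
    try:
        validate_agent_id(value)
        return True
    except ValueError:
        return False


def registrar_log_line_unchecked(agent_id):
    """Pre-fix behaviour: whatever the agent sent is interpolated verbatim."""
    return "INFO registrar: agent %s registered" % agent_id


def registrar_log_line(agent_id):
    """Fixed behaviour: validate at the public interface before the value is used."""
    return "INFO registrar: agent %s registered" % validate_agent_id(agent_id)


# Constructed identifiers for the demo.
GOOD_ID = "2F6B1C0E-1F8A-4C7D-9A11-0D3F5E6A7B8C"
# A rogue agent embeds a newline and a fake verifier record in its id, so a
# reader of the registrar log sees a revocation that never happened.
ROGUE_ID = ("d0c0ffee\n"
            "WARNING verifier: agent 2f6b1c0e-1f8a-4c7d-9a11-0d3f5e6a7b8c "
            "failed attestation, revoking\n")


def demo():
    forged = registrar_log_line_unchecked(ROGUE_ID).splitlines()
    return {
        "forged_lines": forged,          # three lines where one was intended
        "rejected": not is_valid_agent_id(ROGUE_ID),
        "good": registrar_log_line(GOOD_ID),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The validator is intentionally stricter than `uuid.UUID()`: a log consumer or database key should see exactly one spelling of an id, and the parser's tolerance for braces and prefixes is exactly the kind of slack an attacker uses to slip a second form past a later comparison.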
CVE-2022-23950
In Keylime before 6.3.0, the Revocation Notifier uses a fixed /tmp path for its UNIX domain socket, which gives unprivileged local users a way to block keylime operations.
GitHub: revocation_notifier: move zmq socket to /var/run/keylime · keylime/keylime@ea5d037
Currently we are placing the zmq IPC socket in /tmp, which can be
accessed by all users.
This patch moves the socket into /var/run/keylime, making sure that the
directory is created and present...
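Added example, not Keylime's code: how a predictable socket path in a world-writable directory can be squatted by any local user, and the owner-and-mode checks on a private directory that a move out of /tmp (such as the commit's /var/run/keylime) relies on. The demo plays both the attacker and the service as the same user inside a temporary directory so it runs anywhere; the directory names and helper names are assumptions.

```python
"""Added example (not Keylime's code): squatting a predictable socket path in a
shared directory, versus binding inside a private, owner-checked directory.
Both roles run as the same user under a temporary directory so it runs
anywhere; directory and helper names are assumptions."""
import errno
import os
import socket
import stat
import tempfile


def bind_unix_socket(path):
    """Bind a fresh AF_UNIX socket at path; raises OSError if the path is taken."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.bind(path)
    except OSError:
        s.close()
        raise
    return s


def squat(path):
    """All an unprivileged local user needs against a fixed name in /tmp:
    create something at that path first. The service's later bind() fails."""
    with open(path, "x"):
        pass


def private_socket_dir(base, name):
    """Create or reuse base/name as a directory only this user can enter, and
    refuse it if it is a symlink, owned by someone else, or group/world accessible."""
    d = os.path.join(base, name)
    os.makedirs(d, mode=0o700, exist_ok=True)
    st = os.lstat(d)  # lstat: a symlink planted here must not be followed
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError("%s is not a directory" % d)
    if st.st_uid != os.getuid():
        raise RuntimeError("%s is owned by uid %d, not by us" % (d, st.st_uid))
    if st.st_mode & 0o077:
        raise RuntimeError("%s is accessible to other users" % d)
    return d


def demo_squat(shared_dir):
    """Pre-fix layout: a well-known name in a directory everyone can write to.
    Returns True when the attacker's file makes the service's bind() fail."""
    path = os.path.join(shared_dir, "keylime-notifier.sock")
    squat(path)                       # the attacker gets there first
    try:
        s = bind_unix_socket(path)    # the service
    except OSError as e:
        return e.errno == errno.EADDRINUSE
    s.close()
    return False


def demo_private(base_dir):
    """Fixed layout: the socket lives in a directory we created and verified."""
    path = os.path.join(private_socket_dir(base_dir, "keylime"), "notifier.sock")
    s = bind_unix_socket(path)
    try:
        return stat.S_ISSOCK(os.lstat(path).st_mode)
    finally:
        s.close()
        os.unlink(path)


def demo_loose_dir_rejected(base_dir):
    """A pre-existing directory with loose permissions must be refused, not reused."""
    loose = os.path.join(base_dir, "loose")
    os.mkdir(loose, 0o700)
    os.chmod(loose, 0o777)
    try:
        private_socket_dir(base_dir, "loose")
    except RuntimeError:
        return True
    return False


def run():
    with tempfile.TemporaryDirectory() as tmp:
        return (demo_squat(tmp), demo_private(tmp), demo_loose_dir_rejected(tmp))


if __name__ == "__main__":
    print(run())  # (True, True, True) on a normal POSIX system
```

The permission checks matter as much as the new location: a directory under /var/run that already exists with the wrong owner or mode would hand the same squatting opportunity back, so the service should verify it after creating it rather than assume it.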