A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipula…
[nodebatis] nodebatis SQL Injection vulnerability
A vulnerability was found in PeterMu nodebatis up to 2.1.x. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. Upgrading to version 2.2.0 can address this issue. The name of the patch is 6629ff…
[org.bonitasoft.connectors:bonita-connector-webservice] bonita-connector-webservice XML External Entity vulnerability
A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector….
[fr.turri:aXMLRPC] aXMLRPC XML External Entity vulnerability
A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerability affects the function ResponseParser of the file src/main/java/de/timroes/axmlrpc/ResponseParser.java. The manipulation leads to xml external entity r…
[org.apache.dubbo:dubbo-parent] Apache Dubbo vulnerable to remote code execution via Telnet Handler
Apache Dubbo is a Java-based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-authorization remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to acc…
[express-param] express-param vulnerable to Improper Handling of Extra Parameters
A vulnerability was found in flitto express-param up to 0.x. It has been classified as critical. This affects an unknown part of the file lib/fetchParams.js. The manipulation leads to improper handling of extra parameters. It is possible to initiate th…
[arc/web] Ariadne Component Library vulnerable to Server-Side Request Forgery
A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 can addre…
[com.itextpdf:itext-rups] iText RUPS XML External Entity vulnerability
A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The name of the patch is…
[github.com/cloudflare/golz4] LZ4 vulnerable to Out-of-bounds Write
LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.
References
https://nvd.nist.gov/vuln/detail/CVE-2014-125026
https://github.com/cloudflare/go…
[github.com/nanobox-io/golang-nanoauth] golang-nanoauth authentication bypass vulnerability
Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token.
References
https://nvd.nist.gov/vuln/detail…