TechMedia

Category

HIGH

385 Posts

[appwrite/server-ce] Appwrite Server-Side Request Forgery vulnerability

  • Posted in HIGH
  • Posted by Wpmaster
  • 04/01/2023, 04/11/2023

Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
References
…

[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management

  • Posted in HIGH
  • Posted by Wpmaster
  • 03/31/2023, 04/08/2023

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to privilege escalation from improper privilege management. Any user with the ability to add a new user can create a user with super admin rights. This has been fixed in 3.1.12.
References

https://nvd.ni…

[Snappier] Snappier vulnerable to buffer overrun due to improper restriction of operations within the bounds of a memory buffer

  • Posted in HIGH
  • Posted by Wpmaster
  • 03/28/2023

Impact
This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change generally improves performance and redu…

[MongoDB.Driver] MongoDB .NET/C# Driver vulnerable to Deserialization of Untrusted Data

  • Posted in HIGH
  • Posted by Wpmaster
  • 02/22/2023, 03/04/2023

Under very specific circumstances, a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior t…

[Microsoft.NetCore.App.Runtime.win-x64] .NET Remote Code Execution Vulnerability

  • Posted in HIGH
  • Posted by Wpmaster
  • 02/15/2023, 02/15/2023

Microsoft Security Advisory CVE-2023-21808: .NET Remote Code Execution Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guid…

[warp] Warp vulnerable to Path Traversal via Improper validation of Windows paths

  • Posted in HIGH
  • Posted by Wpmaster
  • 02/01/2023

Path resolution in warp::filters::fs::dir didn’t correctly validate Windows paths, meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentia…

[org.apache.linkis:linkis] Apache Linkis contains Deserialization of Untrusted Data

  • Posted in HIGH
  • Posted by Wpmaster
  • 01/31/2023, 02/02/2023

In Apache Linkis <=1.3.0, when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a new datasource with a MySQL data source a…

[publify_core] Publify contains Weak Password Requirements

  • Posted in HIGH
  • Posted by Wpmaster
  • 01/30/2023, 02/01/2023

Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-0569
https://github.com/publify/publify/commit/8905e4e639cf03b758da558568a86c9816253b2d
https://huntr.dev/bounties/81…

[openmage/magento-lts] DataFlow upload remote code execution vulnerability

  • Posted in HIGH
  • Posted by Wpmaster
  • 01/27/2023, 01/28/2023

Impact
An administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile.
References

https://github.com/OpenMage/magento-lts/security/advisories/GHSA-h632-p764-pjqm
ht…

[openmage/magento-lts] Fix for authenticated remote code execution through layout update

  • Posted in HIGH
  • Posted by Wpmaster
  • 01/27/2023, 01/28/2023

Impact
A layout block was able to bypass the block blacklist to execute remote code.
References

https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5j2g-3ph4-rgvm
https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22
https://githu…
