
TechMedia

Category

HIGH

385 Posts

Featured

Posted by Wpmaster
[Microsoft.NetCore.App.Runtime.win-arm] .NET Remote Code Execution Vulnerability
Posted by Wpmaster
[github.com/traefik/traefik/v2] Traefik HTTP header parsing could cause a denial of service
Posted by Wpmaster
[github.com/answerdev/answer] Answer vulnerable to Exposure of Sensitive Information Through Metadata
Posted by Wpmaster
[github.com/answerdev/answer] Answer vulnerable to Insertion of Sensitive Information Into Sent Data

[openmage/magento-lts] Fix for arbitrary file deletion in customer media allows for remote code execution

  • Posted in HIGH
  • Posted by Wpmaster
  • 01/27/2023 01/28/2023

Impact
Magento admin users with access to the customer media could execute code on the server.
References

https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5vpv-xmcj-9q85
https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22
htt…

[openmage/magento-lts] Fix for arbitrary command execution in custom layout update through blocks

  • Posted in HIGH
  • Posted by Wpmaster
  • 01/27/2023 01/28/2023

Impact
Custom Layout enabled admin users to execute arbitrary commands via block methods.
References

https://github.com/OpenMage/magento-lts/security/advisories/GHSA-c9q3-r4rv-mjm7
https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22
https://…

[modoboa] Cross-site Scripting in modoboa

  • Posted in HIGH
  • Posted by Wpmaster
  • 01/27/2023 02/03/2023

Cross-site Scripting (XSS) – Stored in GitHub repository modoboa/modoboa prior to 2.0.4.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-0519
https://github.com/modoboa/modoboa/commit/eef9ab72b5305578a3ad7a7463bd284aa645e98b
https://huntr.dev/bou…

[pyload-ng] Improper Certificate Validation in pyload-ng

  • Posted in HIGH
  • Posted by Wpmaster
  • 01/27/2023 01/27/2023

Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-0509
https://github.com/pyload/pyload/commit/a9098bdf7406e6faf9df3da6ff2d584e90c13bbb
https://huntr.dev/bou…

[modoboa] Cross-site Scripting in modoboa

  • Posted in HIGH
  • Posted by Wpmaster
  • 01/27/2023 01/27/2023

Cross-site Scripting (XSS) – Stored in GitHub repository modoboa/modoboa prior to 2.0.4.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-0470
https://github.com/modoboa/modoboa/commit/354ab6884019009249097a7f3a1881d81ecd2fd2
https://huntr.dev/bou…

[flash_tool] flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution

  • Posted in HIGH
  • Posted by Wpmaster
  • 01/27/2023 01/27/2023

flash_tool Gem for Ruby contains a flaw that is triggered during the handling of downloaded files that contain shell characters. With a specially crafted file, a context-dependent attacker can execute arbitrary commands.
References

https://nvd.nist.go…

[serve-lite] Directory Traversal vulnerability in serve-lite

  • Posted in HIGH
  • Posted by Wpmaster
  • 01/27/2023 01/31/2023

All versions of the package serve-lite are vulnerable to Directory Traversal because req.url is passed as-is to path.join() without input sanitization or other checks and protections.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-21…

[smartctl] Command injection in smartctl

  • Posted in HIGH
  • Posted by Wpmaster
  • 01/27/2023 02/02/2023

All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-21810
https://security.snyk.io/vuln/SNYK-JS-SMARTCTL-3175613
https://…

[simple-git] Remote code execution in simple-git

  • Posted in HIGH
  • Posted by Wpmaster
  • 01/27/2023 01/27/2023

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-…

[create-choo-electron] Command Injection in create-choo-electron

  • Posted in HIGH
  • Posted by Wpmaster
  • 01/27/2023 01/27/2023

All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-25908
https://security.snyk.io/vuln/SNYK-JS-…
