Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components include the SMTP stack and IMAP APPEND command. This issue affects Apache …
[org.apache.james:apache-mime4j] Apache James MIME4J vulnerable to information disclosure to local users
Improper, overly lax permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to…
[org.nuxeo.ecm.platform:nuxeo-platform-oauth] Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE…
[robots-txt-guard] robots-txt-guard Inefficient Regular Expression Complexity vulnerability
A vulnerability was found in Woorank robots-txt-guard. It has been rated as problematic. Affected by this issue is the function makePathPattern of the file lib/patterns.js. The manipulation of the argument pattern leads to inefficient regular expressio…
[ms] Vercel ms Inefficient Regular Expression Complexity vulnerability
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack…
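Both of the preceding entries are CWE-1333, inefficient regular expression complexity: a pattern whose quantifiers can divide the same input between them in many ways, so a crafted string that almost matches makes the engine retry every split before failing. The block below is an added example, not code from the ms or robots-txt-guard packages: a timing probe that exposes super-linear growth on adversarial input, a hypothetical overlapping-quantifier duration pattern constructed to exhibit the problem (it is not the pattern from either package), and a hardened parser that caps input length and uses a pattern in which no two quantifiers can claim the same characters. The unit table, length cap and function names are assumptions made for the example.

```javascript
// Added example (not ms / robots-txt-guard code): probing a regex for
// catastrophic backtracking and hardening a duration parser against it.

// Time one regex test; returns the match result and elapsed milliseconds.
function timeRegex(re, input) {
  const start = process.hrtime.bigint();
  const matched = re.test(input);
  const elapsedMs = Number(process.hrtime.bigint() - start) / 1e6;
  return { matched, elapsedMs };
}

// Feed growing adversarial inputs and collect timings. Elapsed time that
// grows faster than n (doubling n more than doubles the time) is the
// backtracking signature to look for.
function backtrackingProbe(re, makeInput, sizes) {
  return sizes.map((n) => ({ n, ...timeRegex(re, makeInput(n)) }));
}

// Hypothetical pattern with overlapping quantifiers: (?:\d+)? and the
// final \d+ can both claim the same digits, so a long digit run followed
// by a byte that breaks the match is retried once per split point
// (quadratic in the input length).
const AMBIGUOUS_DURATION = /^((?:\d+)?\.?\d+) *(ms|s|m|h|d)?$/;

// Constructed adversarial input: a digit run ending in a non-matching byte.
const adversarial = (n) => '1'.repeat(n) + '!';

const UNIT_MS = { ms: 1, s: 1000, m: 60000, h: 3600000, d: 86400000 };
const MAX_LEN = 100; // assumed cap: no legitimate duration string is this long

// Hardened parser: bounded input length, and a pattern in which each
// character can be consumed by only one quantifier (\d+ then an optional
// '.'-prefixed fraction), so failing input costs linear work at most.
const STRICT_DURATION = /^(\d+(?:\.\d+)?) *(ms|s|m|h|d)?$/;
function parseDuration(str) {
  if (typeof str !== 'string' || str.length > MAX_LEN) return undefined;
  const m = STRICT_DURATION.exec(str);
  if (!m) return undefined;
  return parseFloat(m[1]) * UNIT_MS[m[2] || 'ms'];
}

// Demo run: watch the ambiguous pattern's time grow as n doubles, while
// the strict parser rejects the same input immediately.
for (const r of backtrackingProbe(AMBIGUOUS_DURATION, adversarial, [500, 1000, 2000, 4000])) {
  console.log(`n=${r.n} matched=${r.matched} ${r.elapsedMs.toFixed(2)} ms`);
}
console.log(parseDuration('2 d'), parseDuration('1.5h'), parseDuration(adversarial(4000)));
```

The probe is the check to run before shipping any regex that faces untrusted input: if time roughly quadruples when n doubles, the pattern is quadratic; if it explodes, it is exponential. The length cap is the cheap mitigation that bounds the damage even when the pattern cannot be rewritten; the rewrite is what removes the problem.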
[github.com/ipld/go-ipld-prime/codec/json] go-ipld-prime/codec/json may panic if asked to encode bytes
go-ipld-prime is a series of Go interfaces for manipulating IPLD data and a Go module that contains the go-ipld-prime/codec/json codec.
Impact
Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON encoder which will panic a…
[ldapcherry] LdapCherry Cross-site Scripting vulnerability
A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. U…
[django-ucamlookup] django-ucamlookup Cross-site Scripting vulnerability
A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. Th…
[xataface/xataface] Xataface vulnerable to Cross-site Scripting
A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x. Affected by this issue is the function testftp of the file install/install_form.js.php of the component Installer. The manipulation leads to cross site …
[pyload-ng] pyLoad vulnerable to Improper Restriction of Rendered UI Layers or Frames
Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0057
https://github.com/pyload/pyload/commit/bd2a31b7de54570b919aa1581d486e6ee18c0f64
…