Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong’s latest version or cherry-pick https://github.com/apache/inlong/pull…
[ubi-reader] Path traversal in ubi-reader
ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). T…
[org.apache.linkis:linkis] Apache Linkis vulnerable to Exposure of Sensitive Information
In Apache Linkis <=1.3.0, when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local files by connecting to a rogue MySQL server, by setting allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in t…
[org.apache.iotdb:iotdb-parent] Apache IoTDB contains Improper Authentication
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 before 0.13.3.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-24830
https://lists.apache.org/thread/l4fon37687jz5ohgsnz…
[froxlor/froxlor] Froxlor contains Static Code Injection
Static Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0566
https://github.com/froxlor/froxlor/commit/bd5b99dc1c06f594b9563d459a50bf3b32504876
https://huntr.dev/bounties/8339e4f…
[froxlor/froxlor] Froxlor contains Business Logic Errors
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0565
https://github.com/froxlor/froxlor/commit/2feb8020941a82bfb4ac68890f6ced0e5b3c4a15
https://huntr.dev/bounties/12d7829…
[froxlor/froxlor] Froxlor contains Unchecked Error Condition
Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0572
https://github.com/froxlor/froxlor/commit/7b08a71c59430d06c1efb012a6c6448262aacdb1
https://huntr.dev/bounties/4ab…
[jszip] JSZip contains Path Traversal via loadAsync
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-48285
https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15
https://github.com/Stuk/jszi…
[froxlor/froxlor] Froxlor contains Weak Password Requirements
Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0564
https://github.com/froxlor/froxlor/commit/2a84e9c1207fd3d792b7fb198fd0c66fe1a66a7a
https://huntr.dev/bounties/a4…
[psiTurk] NYUCCL psiTurk vulnerable to Improper Neutralization of Special Elements
A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elemen…