| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network. |
| GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read. |
| HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the content of any file in the local file system (to which the victim as read access) can be exfiltrated to a remote listener under the attacker's control. The product does not disable external XML Entity Processing, which can lead to information disclosure and denial of services attacks. |
| Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script. |
| In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions. |
| In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions. |
| In Limesurvey before 3.17.14, the entire database is exposed through browser caching. |
| An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity. |
| An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control. |
| Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. |
| Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class because of missing codepoint validation in regenc.c. |
| Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c. |
| An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service. |
| BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed. |
| A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite. |
| An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls. |
| An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy. |
| An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion. |
| framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. |
| In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure. |
