** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driv…
[concrete5/concrete5] Concrete CMS vulnerable to Cross-site Request Forgery
Concrete CMS is vulnerable to CSRF due to the lack of “State” parameter for external Concrete authentication service for users of Concrete who use the “out of the box” core OAuth.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-43693
https://docu…
[pillow] Pillow subject to DoS via SAMPLESPERPIXEL tag
Pillow starting with 9.2.0 and prior to 9.3.0 allows denial of service via SAMPLESPERPIXEL. A large value in the SAMPLESPERPIXEL tag could lead to a memory and runtime DOS in TiffImagePlugin.py when setting up the context for image decoding. This issue…
[apache-airflow] Apache Airflow subject to Exposure of Sensitive Information
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affec…
[pillow] Pillow vulnerable to Data Amplification attack.
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
References
https://nvd.nist.gov/vuln/detail/CVE-2022-45198
https://github.com/python-pillow/Pillow/pull/6402
https://bugs.gentoo.org/855683
https://cwe….
[apache-airflow] Apache Airflow vulnerable to OS Command Injection via example DAGs
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0.
References
https…
[nodebb] NodeBB vulnerable to Cross-Site Request Forgery
A vulnerability was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to addre…
[nukeviet/nukeviet] NukeView CMS vulnerable to Cross-site Scripting
NukeView CMS has been found to be vulnerable to Cross-site Scripting. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet …
[matrix-appservice-irc] Matrix-appservice-irc vulnerable to sql injection via roomIds argument
A vulnerability was found in matrix-appservice-irc up to 0.35.1. This vulnerability affects the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to address …
[com.manydesigns:portofino] ManyDesigns Portofino subject to creation of insecure temporary file
A vulnerability has been found in ManyDesigns Portofino 5.3.2. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. U…