Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2650
https://github.com/wger-project/wger/commit/5e3167e3a2dc95836fa2607fe201524c031a2c…
Vulnerability
PreparedStatement.setText(int, InputStream)
and
PreparedStatemet.setBytea(int, InputStream)
will create a temporary file if the InputStream is larger than 51k
Example of vulnerable code:
String s = new String(“some very large string great…
The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an at…
sweetalert2 versions 8.19.1 and up until 9.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in …
sweetalert2 versions 9.17.4 and up until 10.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in…
sweetalert2 versions 10.16.10 and up until 11.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included …
A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user’s CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A re…
sweetalert2 versions 11.4.9 and above are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions …
A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-4045
…
Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-45462
https://lists….
