ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of serve…
[com.liferay.portal:release.portal.bom] Path Traversal in Liferay Portal
Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module….
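The check that a zip-slip-safe unzip routine needs, as an added example in Python rather than Liferay's Java code: every member name is resolved against the real destination root before anything is written, and an archive containing a single escaping member is refused as a whole. Python's own ZipFile.extract silently strips traversal components, so the explicit check is shown here on top of it to make the decision visible and portable to other unzip routines. The sample archives, the ZipSlipError class and the function names are constructed for this example.

```python
import io
import os
import posixpath
import tempfile
import zipfile


class ZipSlipError(ValueError):
    """An archive member would be written outside the extraction directory."""


def resolve_member(dest_dir: str, member_name: str) -> str:
    """Map an archive member name to an on-disk path, or raise ZipSlipError.

    The comparison is done on fully resolved paths, so '..' segments and
    sibling-prefix tricks ('/opt/app' vs '/opt/app2') are caught; a leading
    '/' is dropped so absolute member names are re-rooted under dest_dir,
    and a member such as 'lib/../x' that stays inside dest_dir is accepted.
    """
    dest_root = os.path.realpath(dest_dir)
    # ZIP member names use '/' on every platform; strip a leading '/' so the
    # join below cannot be overridden by an absolute name.
    rel = posixpath.normpath(member_name.lstrip("/"))
    target = os.path.realpath(os.path.join(dest_root, *rel.split("/")))
    if os.path.commonpath([dest_root, target]) != dest_root:
        raise ZipSlipError(f"member {member_name!r} resolves outside {dest_root}")
    return target


def member_escapes(dest_dir: str, member_name: str) -> bool:
    """Predicate form of resolve_member, handy for audits and tests."""
    try:
        resolve_member(dest_dir, member_name)
    except ZipSlipError:
        return True
    return False


def safe_unzip(zip_bytes: bytes, dest_dir: str) -> list:
    """Extract into dest_dir, refusing the whole archive if any member escapes.
    All members are validated before the first write, so a malicious plugin
    cannot leave a half-deployed tree behind."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = zf.infolist()
        targets = [resolve_member(dest_dir, m.filename) for m in members]  # may raise
        for info, target in zip(members, targets):
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def build_zip(entries: dict) -> bytes:
    """Build an in-memory archive from {member_name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample plugins, not real Liferay artifacts.
BENIGN_PLUGIN = build_zip({
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "lib/../plugin.properties": b"name=demo\n",      # odd, but stays inside dest
})
MALICIOUS_PLUGIN = build_zip({
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "../../webapps/ROOT/backdoor.jsp": b"<%-- planted --%>\n",   # zip slip member
})


def demo() -> tuple:
    """Deploy both archives into a fresh temp dir and return
    (files written from the benign one, whether the malicious one was refused)."""
    dest = tempfile.mkdtemp(prefix="deploy-")
    written = safe_unzip(BENIGN_PLUGIN, dest)
    try:
        safe_unzip(MALICIOUS_PLUGIN, dest)
        refused = False
    except ZipSlipError:
        refused = True
    return len(written), refused


if __name__ == "__main__":
    print(demo())   # (2, True)
```

The comparison uses os.path.commonpath rather than str.startswith on purpose: a prefix test would accept `/opt/app2/x` as being inside `/opt/app`.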
[concrete5/concrete5] Concrete CMS vulnerable to Cross-site Request Forgery
Concrete CMS is vulnerable to CSRF due to the lack of “State” parameter for external Concrete authentication service for users of Concrete who use the “out of the box” core OAuth.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-43693
https://docu…
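What the missing state parameter buys an attacker, as an added example (not Concrete CMS code): a login-CSRF where the attacker completes the provider step for their own account and then gets the victim's browser to open the resulting callback URL. Without state, the attacker's provider account is linked to the victim's session; with a per-session, single-use, constant-time-compared state, the same callback is rejected. The session store, the provider endpoint and the code-to-account mapping are constructed stand-ins.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed stand-ins for the framework session store and the provider;
# the names are illustrative, not Concrete CMS APIs.
AUTHORIZE_URL = "https://idp.example/oauth/authorize"
REDIRECT_URI = "https://cms.example/oauth/callback"
SESSIONS = {}          # session cookie value -> server-side session data
LINKED_ACCOUNTS = {}   # session cookie value -> provider account linked to it
STATE_MAX_AGE = 600    # seconds a pending authorization request stays valid


def begin_login(session_id: str) -> str:
    """Start the flow: mint a random state, bind it to this browser session,
    and send it to the provider so it comes back on the callback."""
    state = secrets.token_urlsafe(32)
    SESSIONS.setdefault(session_id, {}).update(
        oauth_state=state, oauth_state_issued=time.time())
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code", "client_id": "cms",
        "redirect_uri": REDIRECT_URI, "state": state})


def exchange_code(code: str) -> str:
    """Stand-in for the token endpoint: tells us which account a code belongs to.
    Constructed mapping; a real client would POST the code and read the token."""
    return {"code-attacker": "attacker@idp.example",
            "code-victim": "victim@idp.example"}[code]


def callback_without_state(session_id: str, callback_url: str) -> str:
    """The vulnerable shape: whoever follows the callback link gets the code's
    account linked to *their* session."""
    code = parse_qs(urlparse(callback_url).query)["code"][0]
    LINKED_ACCOUNTS[session_id] = exchange_code(code)
    return LINKED_ACCOUNTS[session_id]


def callback_with_state(session_id: str, callback_url: str) -> str:
    """Hardened shape: honour the callback only if its state equals the one
    minted for this very session (single use, constant-time compare, bounded age)."""
    q = parse_qs(urlparse(callback_url).query)
    presented = q.get("state", [""])[0]
    sess = SESSIONS.get(session_id, {})
    expected = sess.pop("oauth_state", None)        # consume: one callback per request
    issued = sess.pop("oauth_state_issued", 0.0)
    if (expected is None
            or not hmac.compare_digest(presented.encode(), expected.encode())
            or time.time() - issued > STATE_MAX_AGE):
        raise PermissionError("state missing, mismatched or stale: rejecting callback")
    LINKED_ACCOUNTS[session_id] = exchange_code(q["code"][0])
    return LINKED_ACCOUNTS[session_id]


def demo() -> tuple:
    """Run the attack against both handlers, then a legitimate flow.  Returns
    (account linked to the victim without the check,
     whether the check blocked the poisoned callback,
     account linked by the legitimate flow with the check)."""
    attacker, victim = "sess-attacker", "sess-victim"
    begin_login(attacker)
    poisoned = REDIRECT_URI + "?" + urlencode(
        {"code": "code-attacker", "state": SESSIONS[attacker]["oauth_state"]})

    linked_unchecked = callback_without_state(victim, poisoned)

    begin_login(victim)                      # victim has their own pending state
    try:
        callback_with_state(victim, poisoned)
        blocked = False
    except PermissionError:
        blocked = True

    legit = begin_login(victim)              # victim completes their own flow
    own_state = parse_qs(urlparse(legit).query)["state"][0]
    genuine = REDIRECT_URI + "?" + urlencode({"code": "code-victim", "state": own_state})
    return linked_unchecked, blocked, callback_with_state(victim, genuine)


if __name__ == "__main__":
    print(demo())   # ('attacker@idp.example', True, 'victim@idp.example')
```

The state is popped, not read, so a callback URL cannot be replayed, and the comparison is done with hmac.compare_digest on bytes to avoid both timing leaks and the TypeError that a non-ASCII query value would trigger with str arguments.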
[apache-airflow] Apache Airflow vulnerable to OS Command Injection via example DAGs
A vulnerability in Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0.
References
https…
[pillow] Pillow subject to DoS via SAMPLESPERPIXEL tag
Pillow starting with 9.2.0 and prior to 9.3.0 allows denial of service via SAMPLESPERPIXEL. A large value in the SAMPLESPERPIXEL tag could lead to a memory and runtime DoS in TiffImagePlugin.py when setting up the context for image decoding. This issue…
[pillow] Pillow vulnerable to Data Amplification attack.
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
References
https://nvd.nist.gov/vuln/detail/CVE-2022-45198
https://github.com/python-pillow/Pillow/pull/6402
https://bugs.gentoo.org/855683
https://cwe….
[apache-airflow] Apache Airflow subject to Exposure of Sensitive Information
A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example, when they depended on past runs and previous instances of the task failed). This issue affec…
[com.manydesigns:portofino] ManyDesigns Portofino subject to creation of insecure temporary file
A vulnerability has been found in ManyDesigns Portofino 5.3.2. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to the creation of a temporary file in a directory with insecure permissions. U…
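The check a reviewer would apply to a temporary-directory routine like the one named above, as an added Python example rather than Portofino's Java: a directory is only safe for temporary files if it is a real directory (not a planted symlink), owned by the current user, and carries no group or world permission bits. The weak and hardened creation routines are constructed for contrast and assume a POSIX filesystem; they are not the project's code.

```python
import os
import stat
import tempfile

# Assumes POSIX mode bits and os.getuid(); constructed example.


def mode_is_private(mode: int) -> bool:
    """True if no group or other permission bit is set."""
    return (stat.S_IMODE(mode) & 0o077) == 0


def is_private_dir(path: str) -> bool:
    """Safe for temp files only if it is a real directory (lstat, so a symlink
    planted by another local user fails), owned by us, and mode 0700-equivalent."""
    st = os.lstat(path)
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.getuid()
            and mode_is_private(st.st_mode))


def create_temp_dir_weak(base: str = None) -> str:
    """Illustrative weak pattern: a predictable name created with the default
    mode, so the effective permissions are whatever the process umask leaves
    (0755 under the common 022, i.e. listable by every local user)."""
    path = os.path.join(base or tempfile.gettempdir(), "app-%d" % os.getpid())
    os.mkdir(path)          # mode 0o777 & ~umask
    return path


def create_temp_dir_secure(base: str = None) -> str:
    """mkdtemp creates the directory atomically with an unpredictable name and
    mode 0700, so is_private_dir holds regardless of umask."""
    return tempfile.mkdtemp(prefix="app-", dir=base)


def demo() -> tuple:
    """Create both directories and return (weak_is_private, secure_is_private);
    the first value depends on the caller's umask, the second is always True."""
    weak = create_temp_dir_weak()
    secure = create_temp_dir_secure()
    result = (is_private_dir(weak), is_private_dir(secure))
    os.rmdir(weak)
    os.rmdir(secure)
    return result


if __name__ == "__main__":
    print(demo())   # e.g. (False, True) under umask 022
```

Checking the mode after creation is a mitigation for pre-existing directories; for new ones, creating with the right mode atomically (mkdtemp, or mkdir with mode 0o700 and a random name) is what removes the window in which another user can act.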
[github.com/shamaton/msgpack/v2] MessagePack for Golang subject to DoS via Unmarshal panic
Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. This issue has been patched in version 2.1.1.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-41719
https://github.com/shamaton/msgpack/issues/31
https://github….
[arches] Arches vulnerable to execution of arbitrary SQL
Impact
With a carefully crafted web request, it is possible to execute certain unwanted SQL statements against the database. Anyone running the impacted versions (<= 6.1.1, 6.2.0, and 7.0.0 through 7.1.1) should upgrade as soon as possible.
Workarounds
…