Impact
This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the “Editor” section, …
[powerline-gitstatus] Powerline Gitstatus vulnerable to arbitrary code execution
powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. Git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus…
[node-saml] Signature bypass via multiple root elements
Impact
A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticate…
[com.amazon.redshift:redshift-jdbc42] com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution
Impact
A potential remote command execution issue exists within redshift-jdbc42 versions 2.1.0.7 and below. When plugins are used with the driver, it instantiates plugin instances based on Java class names provided via the sslhostnameverifier, socketFa…
[loader-utils] loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
A regular expression denial of service (ReDoS) flaw was found in the interpolateName function in interpolateName.js of webpack loader-utils, reachable via the resourcePath variable. A badly or maliciously formed string could be used to send craf…
[org.ini4j:ini4j] org.ini4j allows attackers to cause a Denial of Service (DoS)
An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-41404
https://sourceforge.net/p/ini4j…
[NuGet.Commands] NuGet Elevation of Privilege Vulnerability
Description
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0.0-rc, .NET 6.0, .NET Core 3.1, and NuGet (NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol). This advisory also provides guid…
[melisplatform/melis-asset-manager] melisplatform/melis-asset-manager vulnerable to Path Traversal
Impact
Attackers can read arbitrary files on affected versions of melisplatform/melis-asset-manager, leading to the disclosure of sensitive information. Conducting this attack does not require authentication.
Users should immediately upgrade to melispl…
[melisplatform/melis-cms] melisplatform/melis-cms vulnerable to deserialization of untrusted data
Impact
Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-cms, which ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication.
Users should immediately…