Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a deni…
[commons-jxpath:commons-jxpath] JXPath Out-of-bounds Write vulnerability
Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a deni…
[commons-jxpath:commons-jxpath] JXPath Out-of-bounds Write vulnerability
Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a deni…
[yetiforce/yetiforce-crm] YetiForce CRM vulnerable to stored Cross-site Scripting
YetiForce CRM version 6.4.0 and prior is vulnerable to stored cross-site scripting. A patch is available on the developer branch.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3002
https://github.com/yetiforcecompany/yetiforcecrm/commit/54728be…
[google-protobuf] protobuf-java has a potential Denial of Service issue
Summary
A potential Denial of Service issue in protobuf-java core and lite was discovered in the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unknown f…
[label-studio] Heartex – Label Studio Community Edition vulnerable to SSRF in the Data Import module
A Server Side Request Forgery (SSRF) in the Data Import module in Heartex – Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by def…
[lief] LIEF vulnerable to denial of service through segmentation fault
A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. A patch for this issue is available at commit fde2c4898…
[OrchardCore] OrchardCore vulnerable to HTML injection
OrchardCore versions starting with 1.0.0-rc1-11259 and prior to 1.4.0 are vulnerable to HTML injection. The vulnerability allows an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard th…
[DotNetNuke.Web] DNN vulnerable to Relative Path Traversal
DNN (GitHub repository dnnsoftware/dnn.platform) prior to 9.11.0 is vulnerable to Relative Path Traversal. Version 9.11.0 contains a patch for this issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2922
https://github.com/dnnsoftware/dnn.pla…
[lief] LIEF vulnerable to denial of service through segmentation fault
A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. A patch is available at commit number 24935f654f6df7…