Security Headlines: Latest CVEs

Source: ghsa
GHSA-mw9h-hcp7-fgc6: Exposure of Sensitive Information in OPCFoundation.NetStandard.Opc.Ua.Server

OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.

GHSA-mfpj-3qhm-976m: Uncontrolled Resource Consumption in asyncua and opcua

All versions of the packages opcua and asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks, per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2 GB each) without ever sending the Final closing chunk.

GHSA-qpgc-xh7j-52q8: node-opcua DoS vulnerability via message with memory allocation that exceeds v8's memory limit

The package node-opcua before 2.74.0 is vulnerable to Denial of Service (DoS) via a specifically crafted OPC UA message carrying a special OPC UA NodeId: the requested memory allocation exceeds V8's memory limit and the process aborts.
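The failure mode above is a length-prefixed field whose prefix is trusted before the allocation is made. The following added example (written for this page, not node-opcua's own decoder) shows a String NodeId decoder in the OPC UA binary encoding that checks the Int32 length prefix against a bound and against the bytes actually present before it allocates anything. The bound `MAX_STRING_LENGTH`, the helper names and the sample messages are assumptions for the example; the encoding layout (encoding byte 0x03, UInt16 namespace index, Int32 length, UTF-8 bytes) is the standard one.

```python
import struct

# OPC UA binary encoding: a NodeId starts with an encoding byte; 0x03 is a
# String NodeId, i.e. UInt16 namespace index followed by an OPC UA String
# (Int32 length prefix, -1 for null, then that many UTF-8 bytes).
NODEID_STRING = 0x03

# Assumed bound for one identifier. The number is an assumption for this
# example; what matters is that the prefix is checked before allocation.
MAX_STRING_LENGTH = 4096


class DecodeError(ValueError):
    """Malformed or over-sized input; the caller should abort the message."""


def requested_allocation(buf: bytes, offset: int = 0) -> int:
    """Size a trusting decoder would allocate: only the length prefix is read."""
    if buf[offset] != NODEID_STRING:
        raise DecodeError("not a String NodeId")
    (length,) = struct.unpack_from("<i", buf, offset + 3)
    return length


def decode_string_nodeid(buf: bytes, offset: int = 0):
    """Decode a String NodeId, rejecting it before any allocation if the
    length prefix is negative (other than -1 for null), above the bound, or
    larger than the bytes remaining in the buffer.
    Returns (namespace_index, identifier_or_None, offset_after_field)."""
    if len(buf) - offset < 7:
        raise DecodeError("truncated NodeId header")
    if buf[offset] != NODEID_STRING:
        raise DecodeError("not a String NodeId")
    namespace, length = struct.unpack_from("<Hi", buf, offset + 1)
    body = offset + 7
    if length == -1:
        return namespace, None, body
    if length < 0:
        raise DecodeError("negative string length")
    if length > MAX_STRING_LENGTH:
        raise DecodeError(f"string length {length} exceeds limit {MAX_STRING_LENGTH}")
    if length > len(buf) - body:
        raise DecodeError("string length exceeds remaining message bytes")
    identifier = buf[body:body + length].decode("utf-8")  # bounded allocation
    return namespace, identifier, body + length


def encode_string_nodeid(namespace: int, identifier: str) -> bytes:
    data = identifier.encode("utf-8")
    return bytes([NODEID_STRING]) + struct.pack("<Hi", namespace, len(data)) + data


def is_rejected(buf: bytes) -> bool:
    """True when the hardened decoder refuses the input."""
    try:
        decode_string_nodeid(buf)
        return False
    except DecodeError:
        return True


# Constructed inputs: a benign "ns=2;s=Temperature" and a crafted NodeId whose
# prefix claims 0x7FFFFFFF bytes (about 2 GiB) while only four bytes follow.
BENIGN = encode_string_nodeid(2, "Temperature")
CRAFTED = bytes([NODEID_STRING]) + struct.pack("<Hi", 2, 0x7FFFFFFF) + b"AAAA"

if __name__ == "__main__":
    print(decode_string_nodeid(BENIGN))
    print("crafted asks for", requested_allocation(CRAFTED), "bytes; rejected:", is_rejected(CRAFTED))
```

A decoder that pre-sizes a buffer from the prefix would try to allocate roughly 2 GiB here; checking the prefix against both a configured bound and the remaining message length turns that into a rejected message on a closed channel.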

GHSA-4hr4-pjjh-2q2w: Uncontrolled Resource Consumption in node-opcua

The package node-opcua before 2.74.0 is vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks, per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2 GB each) without ever sending the Final closing chunk.

GHSA-8mx2-gqx9-rm7f: Uncontrolled Resource Consumption in opcua

All versions of the package opcua (from 0.0.0) are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks, per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2 GB each) without ever sending the Final closing chunk.
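The three chunk-flooding advisories above (asyncua/opcua, node-opcua and opcua) describe the same missing control: a reassembler that keeps buffering intermediate ('C') chunks until a Final ('F') chunk arrives, with no cap per message, per channel or overall. The following added example, written for this page and not taken from any of those projects, is a chunk reassembler for OPC UA TCP MSG chunks (SecurityPolicy None layout) that enforces all of those caps before retaining a chunk body, together with a constructed attacker that streams 'C' chunks and never sends 'F'. The limit values in `Limits`, the helper names and the token id are assumptions for the example.

```python
import struct
from collections import defaultdict

# OPC UA TCP chunk header for a MSG chunk with SecurityPolicy None: message
# type "MSG", chunk type 'C' (intermediate) / 'F' (final) / 'A' (abort),
# total chunk size, secure channel id, token id, sequence number, request id.
HEADER = struct.Struct("<3sBIIIII")
CONT, FINAL, ABORT = ord("C"), ord("F"), ord("A")


class ProtocolError(Exception):
    pass


class LimitExceeded(Exception):
    """Peer exceeded a resource limit; the caller should close its channel."""


class Limits:
    # Assumed values for this example; real stacks negotiate the first in
    # HEL/ACK and make the rest configurable.
    max_chunk_size = 8192           # ReceiveBufferSize
    max_chunk_count = 16            # chunks per message
    max_message_size = 64 * 1024    # assembled bytes per message
    max_pending_per_channel = 32    # buffered chunks for one channel
    max_pending_total = 64          # buffered chunks across all channels


class ChunkAssembler:
    """Reassembles chunked messages while bounding buffered memory per
    message, per channel and globally. feed() returns the completed
    (channel, request, message) on the 'F' chunk, otherwise None."""

    def __init__(self, limits=Limits()):
        self.limits = limits
        self.parts = {}                       # (channel, request) -> [bodies]
        self.per_channel = defaultdict(int)   # channel -> buffered chunks
        self.total = 0                        # buffered chunks overall

    def _drop(self, key):
        bodies = self.parts.pop(key, None)
        if bodies is not None:
            self.per_channel[key[0]] -= len(bodies)
            self.total -= len(bodies)

    def feed(self, chunk: bytes):
        lim = self.limits
        if len(chunk) < HEADER.size:
            raise ProtocolError("short chunk")
        mtype, ctype, size, channel, _token, _seq, request = HEADER.unpack_from(chunk)
        if mtype != b"MSG" or size != len(chunk):
            raise ProtocolError("bad header")
        if size > lim.max_chunk_size:
            raise LimitExceeded("chunk exceeds negotiated ReceiveBufferSize")
        key = (channel, request)
        if ctype == ABORT:
            self._drop(key)
            return None
        if ctype not in (CONT, FINAL):
            raise ProtocolError("bad chunk type")
        bodies = self.parts.get(key, [])
        body = chunk[HEADER.size:]
        # Every limit is checked before the body is retained; on violation the
        # partial message is discarded so the attacker's bytes are not kept.
        if len(bodies) + 1 > lim.max_chunk_count:
            self._drop(key)
            raise LimitExceeded("too many chunks in one message")
        if sum(map(len, bodies)) + len(body) > lim.max_message_size:
            self._drop(key)
            raise LimitExceeded("message too large")
        if self.per_channel[channel] + 1 > lim.max_pending_per_channel:
            self._drop(key)
            raise LimitExceeded("too many buffered chunks on this channel")
        if self.total + 1 > lim.max_pending_total:
            self._drop(key)
            raise LimitExceeded("too many buffered chunks across all channels")
        bodies.append(body)
        self.parts[key] = bodies
        self.per_channel[channel] += 1
        self.total += 1
        if ctype == FINAL:
            self._drop(key)
            return channel, request, b"".join(bodies)
        return None

    def buffered_bytes(self) -> int:
        return sum(len(b) for bs in self.parts.values() for b in bs)


def make_chunk(ctype, channel, request, body, seq=1):
    return HEADER.pack(b"MSG", ctype, HEADER.size + len(body), channel, 7, seq, request) + body


def attack(assembler, channel, same_request=True, chunk_bytes=4096):
    """Constructed attacker: streams 'C' chunks and never sends 'F'. With
    same_request it grows one message; otherwise each chunk opens a new
    request id on the channel. Returns chunks accepted before cut-off."""
    accepted = 0
    while True:
        request = 1 if same_request else accepted + 1
        try:
            assembler.feed(make_chunk(CONT, channel, request, b"A" * chunk_bytes))
            accepted += 1
        except LimitExceeded:
            return accepted
```

Without the caps the `parts` dictionary grows by one body per received chunk for as long as the peer keeps sending; with them, one message stops at `max_chunk_count`, one channel at `max_pending_per_channel`, and a third channel is refused once the global budget is spent, so the memory an unauthenticated peer can pin is bounded by configuration rather than by what it chooses to send.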

GHSA-xc4w-28g8-vqm5: Path Traversal in Gravitee API Management

HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request.

GHSA-5rf4-f24c-hpvh: SQL injection in jflyfox jfinal

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.

GHSA-wv39-f3vx-3v6q: SQL injection in jflyfox jfinal

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.

GHSA-cv6r-h2fm-pvrp: HTML Injection in ActiveMQ Artemis Web Console

In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.

GHSA-39gf-864w-pxw4: Unverified Password Change in OctoPrint

Versions of OctoPrint prior to 1.8.3 did not require the user's current password in order to change that user's password. As a result, users could be locked out of their accounts or have their accounts stolen under certain circumstances.
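The weakness above is a password-change handler that trusts the session alone, so anyone who can drive a logged-in browser or grab an unattended one can set a new password. The following added example, written for this page and not OctoPrint's own code, shows that pattern beside the hardened form, which requires proof of the current password (compared in constant time against a PBKDF2 hash) before the change is applied. The user store, helper names and iteration count are assumptions for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for the example


def hash_password(password: str, salt: bytes = b""):
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


class PasswordChangeRefused(Exception):
    pass


class UserStore:
    def __init__(self):
        self.users = {}  # name -> (salt, digest)

    def add(self, name: str, password: str):
        self.users[name] = hash_password(password)

    def login(self, name: str, password: str) -> bool:
        salt, digest = self.users[name]
        return verify_password(password, salt, digest)

    def change_password_unverified(self, name: str, new_password: str):
        """Weak pattern: whoever holds the session sets any new password."""
        self.users[name] = hash_password(new_password)

    def change_password(self, name: str, current_password: str, new_password: str):
        """Hardened: the request must prove knowledge of the current password."""
        salt, digest = self.users[name]
        if not verify_password(current_password, salt, digest):
            raise PasswordChangeRefused("current password does not match")
        self.users[name] = hash_password(new_password)


def attempt_change(store: UserStore, name: str, current: str, new: str) -> bool:
    """True if the hardened handler accepted the change."""
    try:
        store.change_password(name, current, new)
        return True
    except PasswordChangeRefused:
        return False
```

The current-password check is the control the advisory describes; an attacker riding a victim's session can still submit the form but cannot supply the secret the form now demands, so the account is neither hijacked nor locked out.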