Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-mjmq-gwgm-5qhm: Apache MINA SSHD information disclosure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks. This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10

ghsa
Open in Source
#vulnerability#apache#git#auth#ssh
GHSA-6qq7-3hqc-p5w4: Wallabag vulnerable to Allocation of Resources Without Limits or Throttling

A vulnerability was found in wallabag 2.5.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /config of the component Profile Config. The manipulation of the argument Name leads to allocation of resources. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233359. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

GHSA-524r-w8fx-hqg3: TeamPass Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

GHSA-6g2w-257v-3c9f: Apache Camel information exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel. This issue affects Apache Camel from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3. Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-RC1

CVE-2023-3599: demo/click_fees.md at main · movonow/demo

A vulnerability was found in SourceCodester Best Fee Management System 1.0. It has been rated as critical. Affected by this issue is the function save_user of the file admin_class.php of the component Add User Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-233450 is the identifier assigned to this vulnerability.

CVE-2023-37701: IoT-Vulns/tenda/6908 at main · FirmRec/IoT-Vulns

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.

CVE-2023-37700: IoT-Vulns/tenda/6905 at main · FirmRec/IoT-Vulns

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.

CVE-2023-37702: IoT-Vulns/tenda/6801 at main · FirmRec/IoT-Vulns

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function.

CVE-2023-37703: IoT-Vulns/tenda/6907 at main · FirmRec/IoT-Vulns

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.

CVE-2023-37707: IoT-Vulns/tenda/6904 at main · FirmRec/IoT-Vulns

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function.