| CVE | Vendors | Products | Updated | CVSS v3.1 |
| vim is vulnerable to Heap-based Buffer Overflow |
| grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe. |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
| grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality. |
| bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type |
| It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks. |
| OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash). |
| If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash. |
| OctoRPKI does not limit the length of a connection, allowing for a slowloris DoS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but keeps drip-feeding new bytes to keep the connection alive. |
| OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. |
| OctoRPKI does not escape a URI with a filename containing ".."; this allows a repository to create a file (e.g. rsync://example.org/repo/../../etc/cron.daily/evil.roa) which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on. |
| bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type |
| A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by continuously sending packet fragments. |
| grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| vim is vulnerable to Heap-based Buffer Overflow |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |