Latest CVEs

Source: ghsa
GHSA-7rvp-xqj7-rxf2: Daylight Studio FUEL-CMS SQLi Vulnerability

SQL injection vulnerability in `Base_module_model.php` in Daylight Studio FUEL-CMS 1.4.9 allows remote attackers to execute arbitrary code via the `col` parameter to the `list_items` function.

GHSA-4987-5p3p-9r27: FaucetSDN Ryu Denial of Service Vulnerability

An issue was discovered in `OFPBundleCtrlMsg` in `parser.py` in FaucetSDN Ryu 4.34 that allows remote attackers to cause a denial of service (infinite loop).

GHSA-5x64-925v-h4gv: FaucetSDN Ryu Denial of Service Vulnerability

An issue was discovered in `OFPQueueGetConfigReply` in `parser.py` in FaucetSDN Ryu 4.34 that allows remote attackers to cause a denial of service (infinite loop).
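Both Ryu entries above describe an infinite loop in a message parser. A common way a length-prefixed parser gets stuck is a property whose advertised length is 0 (or shorter than its own header), so the read offset never advances. The following is an added example, not Ryu's code: a constructed TLV property loop in the OpenFlow 1.3 style (16-bit type, 16-bit length that counts the header, padding to 8 bytes) with the unguarded loop beside a guarded one. The exact trigger inside `OFPBundleCtrlMsg` and `OFPQueueGetConfigReply` is not stated on the page; the zero-length property is an assumption used for illustration.

```python
import struct

# Constructed layout for this example (OpenFlow 1.3 property style):
# 16-bit type, 16-bit length counting the header, payload, then padding
# so that the next property starts on an 8-byte boundary.
PROP_HDR = struct.Struct("!HH")


def _padded(plen: int) -> int:
    """Bytes consumed by a property of advertised length plen, including padding."""
    return (plen + 7) // 8 * 8


def parse_props_unguarded(buf: bytes, max_iter: int = 10_000):
    """Advance by the advertised length with no lower bound.

    A property with length 0 never moves `offset`, so the loop would run
    forever; the max_iter cap exists only so this demonstration terminates.
    """
    offset, props, iterations = 0, [], 0
    while offset < len(buf):
        iterations += 1
        if iterations > max_iter:
            raise RuntimeError("parser made no progress (would loop forever)")
        ptype, plen = PROP_HDR.unpack_from(buf, offset)
        props.append((ptype, buf[offset + PROP_HDR.size:offset + plen]))
        offset += _padded(plen)  # plen == 0 -> offset unchanged
    return props


def parse_props(buf: bytes):
    """Guarded variant: each property must be at least a header long and
    must fit in the buffer, so every iteration advances by at least 8 bytes."""
    offset, props = 0, []
    while offset < len(buf):
        if len(buf) - offset < PROP_HDR.size:
            raise ValueError(f"truncated property header at offset {offset}")
        ptype, plen = PROP_HDR.unpack_from(buf, offset)
        if plen < PROP_HDR.size:
            raise ValueError(f"property length {plen} shorter than header at offset {offset}")
        if offset + plen > len(buf):
            raise ValueError(f"property length {plen} overruns buffer at offset {offset}")
        props.append((ptype, buf[offset + PROP_HDR.size:offset + plen]))
        offset += _padded(plen)
    return props


def rejects(parser, buf: bytes) -> bool:
    """True if parser refuses buf (validation error or the no-progress cap)."""
    try:
        parser(buf)
    except (ValueError, RuntimeError):
        return True
    return False


# Constructed sample inputs (not captured Ryu traffic).
GOOD_PROPS = (
    struct.pack("!HH", 1, 8) + b"\x00\x00\x00\x10"          # type 1, 4-byte payload
    + struct.pack("!HH", 2, 6) + b"\xab\xcd" + b"\x00\x00"  # type 2, 2-byte payload + pad
)
ZERO_LEN_PROP = struct.pack("!HH", 1, 0) + b"\x00" * 4     # length field 0: never advances
OVERRUN_PROP = struct.pack("!HH", 3, 40)                    # claims 40 bytes, only 4 present

if __name__ == "__main__":
    print(parse_props(GOOD_PROPS))
    print("guarded rejects zero-length:", rejects(parse_props, ZERO_LEN_PROP))
    print("unguarded stuck on zero-length:", rejects(parse_props_unguarded, ZERO_LEN_PROP))
```

The guarded loop enforces two invariants a practitioner should look for in any TLV parser handling network input: the length must be at least the header size (progress is guaranteed) and the property must lie within the buffer (no over-read). Either check missing is a remotely triggerable hang or crash.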

GHSA-rvjp-j5j4-c9j5: Gila CMS Cross-site Scripting Vulnerability

Cross-site scripting (XSS) vulnerability in the `adm_user` parameter in Gila CMS 1.11.3 allows remote attackers to execute arbitrary code during the Gila CMS installation.

GHSA-mq4v-6vg4-796c: apache-airflow-providers-apache-drill Improper Input Validation vulnerability

Improper Input Validation vulnerability in the Apache Software Foundation's Apache Airflow Drill Provider. An attacker can pass malicious parameters when establishing a connection with DrillHook, giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider before 2.4.3; it is recommended to upgrade to a version that is not affected.

GHSA-9rww-66w7-7vjx: Mattermost fails to sanitize post metadata

Mattermost fails to sanitize post metadata during audit logging, resulting in permalinks' contents being logged.

GHSA-p267-jjfq-pphf: Mattermost fails to check if user is a guest before performing actions on public playbooks

Mattermost fails to check whether the requesting user is a guest before performing various actions on public playbooks, resulting in a guest being able to view, join, edit, export and archive public playbooks.

GHSA-6xjj-v76v-fwpj: Mattermost does not validate requesting user permissions before updating admin details

Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.

GHSA-g3v6-r8p9-wxg9: Mattermost fails to correctly delete attachments

Mattermost fails to delete attachments when a message in a thread is deleted, so an ordinary user can still access and download the attachment of a deleted message.

GHSA-pr76-5cm5-w9cj: GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments

GitPython before 3.1.32 does not block insecure non-multi options in `clone` and `clone_from`, making it vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
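The GitPython issue is the general problem of handing caller-controlled strings to `git clone`: a remote URL that is really an option (or uses the `ext::` transport), or an option such as `--upload-pack=<cmd>` that makes git run a command. The following is an added example, not GitPython's code or API: a standalone check over the URL and an already-rendered option list that rejects both the `--opt value` and `--opt=value` spellings (the single-string form is the kind of "non-multi" option the advisory refers to), and an argv builder that places `--` before the URL. The unsafe-option list and the `ext::`/`fd::` transport names are this example's own assumptions about what to block.

```python
# Transports that execute a local command or reuse an arbitrary descriptor
# (assumed list for this example).
UNSAFE_TRANSPORTS = ("ext::", "fd::")

# Clone options that run a command or rewrite repository config
# (assumed list for this example; -u and -c are the short forms).
UNSAFE_CLONE_OPTIONS = ("--upload-pack", "-u", "--config", "-c")


class UnsafeCloneArgument(ValueError):
    """Raised when a clone argument could turn into command execution."""


def _option_matches(opt: str, unsafe: str) -> bool:
    """Match --opt, --opt=value and, for short options, the attached form -uvalue."""
    if opt == unsafe or opt.startswith(unsafe + "="):
        return True
    return not unsafe.startswith("--") and opt.startswith(unsafe)


def check_clone_args(url: str, options=()) -> bool:
    """Validate arguments before they reach `git clone`.

    Returns True when everything is acceptable and raises UnsafeCloneArgument
    otherwise. Validation happens on the rendered strings, so a value smuggled
    in through a keyword argument is caught the same way as an explicit flag.
    """
    lowered = url.lower()
    if any(lowered.startswith(t) for t in UNSAFE_TRANSPORTS):
        raise UnsafeCloneArgument(f"unsafe transport in URL: {url!r}")
    if url.startswith("-"):
        # git would parse this "URL" as an option
        raise UnsafeCloneArgument(f"URL looks like an option: {url!r}")
    for opt in options:
        for unsafe in UNSAFE_CLONE_OPTIONS:
            if _option_matches(opt, unsafe):
                raise UnsafeCloneArgument(f"unsafe clone option: {opt!r}")
    return True


def build_clone_argv(url: str, target: str, options=()) -> list:
    """argv for a clone; `--` guarantees the URL is never read as an option."""
    check_clone_args(url, options)
    return ["git", "clone", *options, "--", url, target]


def is_rejected(url: str, options=()) -> bool:
    """Convenience predicate: does the check refuse this URL/option pair?"""
    try:
        check_clone_args(url, options)
    except UnsafeCloneArgument:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs, not from a real incident.
    print(build_clone_argv("https://example.com/repo.git", "repo", ["--depth=1"]))
    for url, opts in [
        ("ext::sh -c touch% /tmp/pwned", []),
        ("https://example.com/repo.git", ["--upload-pack=touch /tmp/pwned"]),
        ("https://example.com/repo.git", ["-u", "touch /tmp/pwned"]),
        ("--upload-pack=touch /tmp/pwned", []),
    ]:
        print(url, opts, "->", "rejected" if is_rejected(url, opts) else "allowed")
```

A denylist like this is the minimum; where the set of options a caller legitimately needs is small, an allowlist of permitted flags is the stronger design, since new dangerous options added to git in future releases are then blocked by default.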