SAP NetWeaver Application Server for Java is affected by an improper access control vulnerability. An unauthenticated attacker can attach to an open interface and make use of an open naming and directory ...
May 11, 2023
### Impact An attacker is able to allocate arbitrarily many bytes in the Bitswap server by sending many `WANT_BLOCK` and/or `WANT_HAVE` requests, which are queued in an unbounded queue, with allocations t ...
May 11, 2023
### Impact HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs, e.g., supported in XWiki syntax. ### Pat ...
May 11, 2023
### Impact Systems that run `distribution` built after a specific commit running on memory-restricted environments can suffer from denial of service by a crafted malicious `/v2/_catalog` API endpoint ...
May 11, 2023
This package has been moved to [`github.com/ipfs/boxo/bitswap`](https://pkg.go.dev/github.com/ipfs/boxo/bitswap), this vulnerability is tracked there: https://github.com/ipfs/boxo/security/advisories/ ...
May 11, 2023
### Impact The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory speci ...
May 11, 2023
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease whe ...
May 11, 2023
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is vulnerable to an authentication bypass (CVE-2022-43939) and a Server Side Template Injection ...
May 11, 2023