Read Time:6 Second
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
Category Archives: Advisories
CVE-2017-20151
Read Time:19 Second
A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The name of the patch is ac5590925874ef810018a6b60fec216eee54fb32. It is recommended to apply a patch to fix this issue. VDB-217054 is the identifier assigned to this vulnerability.
CVE-2017-20152
Read Time:25 Second
A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056.
CVE-2017-20153
Read Time:23 Second
A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability.
GitPython-3.1.30-1.el9
Read Time:8 Second
FEDORA-EPEL-2022-1dfe84c7fe
Packages in this update:
GitPython-3.1.30-1.el9
Update description:
Latest upstream release with security fix for CVE-2022-24439.
GitPython-3.1.30-1.fc37
Read Time:7 Second
FEDORA-2022-8146a727a8
Packages in this update:
GitPython-3.1.30-1.fc37
Update description:
Latest upstream release with fix for CVE-2022-24439.
GitPython-3.1.30-1.fc36
Read Time:7 Second
FEDORA-2022-ce7369b9ec
Packages in this update:
GitPython-3.1.30-1.fc36
Update description:
Latest upstream release with fix for CVE-2022-24439.
DSA-5307 libcommons-net-java – security update
Read Time:22 Second
ZeddYu Lu discovered that the FTP client of Apache Commons Net, a Java
client API for basic Internet protocols, trusts the host from PASV response
by default. A malicious server can redirect the Commons Net code to use a
different host, but the user has to connect to the malicious server in the
first place. This may lead to leakage of information about services running
on the private network of the client.
CVE-2017-20150
Read Time:16 Second
A vulnerability was found in challenge website. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is f1644b1d3502e5aa5284f31ea80d2623817f4d42. It is recommended to apply a patch to fix this issue. The identifier VDB-216989 was assigned to this vulnerability.
CVE-2018-25050
Read Time:26 Second
A vulnerability, which was classified as problematic, has been found in Harvest Chosen up to 1.8.6. Affected by this issue is the function AbstractChosen of the file coffee/lib/abstract-chosen.coffee. The manipulation of the argument group_label leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.7 is able to address this issue. The name of the patch is 77fd031d541e77510268d1041ed37798fdd1017e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216956.