CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
TYPO3 Cross-Site Request Forgery Vulnerability in Indexed Search Module
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in TYPO3's backend user interface, specifically within the Indexed Search Module. This issue arises because deep link functionality does not properly enforce HTTP method requirements, allowing state-changing actions to be submitted via HTTP GET. Exploitation requires the victim to have an active backend session and to be tricked into clicking a malicious link, particularly under certain misconfigured settings. When successfully exploited, attackers can delete items within the Indexed Search component.
TYPO3 Form Framework Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the TYPO3 Form Framework Module, affecting versions 10.0.0 through 10.4.47, 11.0.0 through 11.5.41, 12.0.0 through 12.4.24, and 13.0.0 through 13.4.2. The vulnerability arises from the backend user interface's deep link functionality, which improperly accepts state-changing actions via HTTP GET, lacking the necessary enforcement of correct HTTP methods. Exploitation requires the victim to have an active backend session and to be tricked into clicking a malicious link, particularly under conditions where the 'security.backend.enforceReferrer' feature is disabled and the 'BE/cookieSameSite' setting is lax or absent. Successful exploitation allows attackers to manipulate or delete saved form definitions.
TYPO3 Extension Manager Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the TYPO3 backend user interface, specifically within the Extension Manager Module. This issue arises because state-changing actions in downstream components improperly accepted submissions via HTTP GET, failing to enforce the correct HTTP method. Exploitation requires the victim to have an active session in the backend and to be tricked into clicking a malicious link that targets the backend. This could happen if the user opens a harmful link, such as one sent through email, or visits a compromised website with certain misconfigurations: the 'security.backend.enforceReferrer' feature turned off, and the 'BE/cookieSameSite' setting set to 'lax' or 'none'. The vulnerability allows attackers to access and install third-party extensions from the TYPO3 Extension Repository, potentially leading to remote code execution.
TYPO3 Dashboard Module Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the TYPO3 backend user interface, specifically within the Dashboard Module. This issue arises from deep link functionality that improperly accepts state-changing actions via HTTP GET, lacking the necessary enforcement of correct HTTP methods. Exploitation requires the victim to have an active backend session and to be misled into clicking a malicious link, particularly under conditions where the 'security.backend.enforceReferrer' feature is turned off and the 'BE/cookieSameSite' setting is lax or absent.
TYPO3 Backend User Module Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the TYPO3 backend user interface, specifically within the user module of the 'beuser' extension. This issue arises because deep link functionality does not properly validate HTTP methods, allowing state-changing actions to be exploited. To successfully exploit this vulnerability, a user must have an active backend session and be tricked into clicking a malicious link. This exploitation is facilitated by certain misconfigurations, such as disabling the 'security.backend.enforceReferrer' feature and setting the 'BE/cookieSameSite' configuration to 'lax' or 'none'. Once exploited, attackers can initiate password resets for other backend users or terminate their sessions.
TYPO3 Log Module Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the TYPO3 backend user interface, specifically within the Log Module of the belog extension. This issue arises because state-changing actions in the Log Module improperly accepted HTTP GET requests without enforcing the correct HTTP method. Exploitation requires the victim to have an active backend session and to be tricked into clicking a malicious link that targets the backend. This can happen if the user opens a harmful link, such as one sent via email, or visits a compromised website while certain security settings are misconfigured. The vulnerability allows attackers to delete log entries.
TYPO3 Open Redirect and SSRF Vulnerability in URI Parsing Component
A vulnerability allowing open redirect or Server-Side Request Forgery (SSRF) has been identified in TYPO3 applications that use the 'TYPO3\CMS\Core\Http\Uri' component to parse externally provided URLs, such as those received via query parameters. This issue arises when the parsed URL's host is validated but the URL is subsequently used, potentially leading to unauthorized redirection or SSRF attacks.
TYPO3 CMS Install Tool Password Logging Vulnerability
A vulnerability in TYPO3 CMS version 13.4.2 has been identified, where the Install Tool password was logged in plaintext. This occurred if the password hashing mechanism was incorrect. Users are recommended to update to TYPO3 version 13.4.3 LTS, which addresses this issue. No workarounds are available.
Git LFS Credential Retrieval Vulnerability via Crafted HTTP URLs
A vulnerability in Git Large File Storage (LFS) versions 0.1.0 prior to 3.6.0 allows for the retrieval of Git credentials through manipulated HTTP URLs. When Git LFS requests credentials from Git for a remote host, it inadvertently includes parts of the host's URL in the `git-credential` command without removing embedded line-ending control characters. This oversight enables attackers to insert URL-encoded control characters, such as line feed (LF) or carriage return (CR), into the URL, potentially leading to the extraction of a user's Git credentials. The issue arises because the Git credential helper cannot distinguish between legitimate line feed characters and those added by the URL encoding, causing a credential request to fail if a line feed is detected. This vulnerability is similar to a previously addressed issue in Git, indicating a common flaw in handling URL-encoded data.
QNX SDP PCX Image Codec Denial-of-Service Vulnerability
A denial-of-service vulnerability has been identified in the PCX image codec of QNX Software Development Platform (SDP) versions 8.0, 7.1, and 7.0. This vulnerability arises from improper input validation, which could allow an unauthenticated attacker to disrupt the process using the image codec by inducing it to parse a maliciously crafted PCX format image file.
Wikimedia Foundation MediaWiki SocialProfile Extension Information Exposure Vulnerability
A vulnerability in the Wikimedia Foundation MediaWiki SocialProfile Extension allows unauthorized users to access sensitive information. This issue arises because the Special:EditProfile page does not properly respect the visibility settings of profile fields. As a result, a user with the 'editothersprofiles' permission can view 'hidden' fields or those designated for 'friends' or 'friends of friends' when they are not in the user's friend circle. The vulnerability affects MediaWiki SocialProfile Extension versions 1.39.X prior to 1.39.11, 1.41.X prior to 1.41.3, and 1.42.X prior to 1.42.2.
Wikimedia MediaWiki GlobalBlocking Extension Sensitive Data Exposure Vulnerability
A vulnerability in the GlobalBlocking Extension of Wikimedia's MediaWiki allows unauthorized retrieval of embedded sensitive data. This issue affects the master branch of the extension. When a global block is applied to a user, the associated IP address can be exposed through the 'globalblocks' API, revealing details of the autoblock. This vulnerability was present in a beta environment but not in any production release.
Wikimedia MediaWiki RefreshSpecial Extension Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in the RefreshSpecial extension for MediaWiki. This issue affects versions 1.39.X prior to 1.39.11, 1.41.X prior to 1.41.3, and 1.42.X prior to 1.42.2. The vulnerability arises from improper input sanitization during web page generation, allowing malicious users to inject harmful scripts that could be executed in the context of the user's browser.
Gradio Path ACL Bypass Vulnerability Allowing Unauthorized File Access
A vulnerability in Gradio's Access Control List (ACL) for file paths allows for bypassing restrictions on blocked files or directories. This issue arises from the absence of case normalization in the file path validation process. On case-insensitive file systems like those used by Windows and macOS, attackers can exploit this flaw to access sensitive files that should be protected. The vulnerability could lead to unauthorized data access, exposing critical information and compromising Gradio's security model. This issue affects Gradio versions prior to 5.6.0 and has been addressed in version 5.6.0.
Umbraco.Forms Server-Side Validation Vulnerability for Character Limits in Short and Long Answer Fields
A vulnerability exists in Umbraco.Forms versions through 10.5.7 and prior to 8.13.16, allowing character limits set by editors for short and long answer fields to be validated only on the client side, with no server-side enforcement. This could lead to fields being submitted with excessive characters, potentially causing issues downstream. The vulnerability arises because the framework does not properly validate input lengths on the server, leaving room for overlong submissions that could disrupt application functionality.
Adobe Illustrator on iPad Integer Underflow Vulnerability Leading to Arbitrary Code Execution
A vulnerability allowing arbitrary code execution has been identified in Adobe Illustrator on iPad, specifically in versions 3.0.7 and earlier. This issue arises from an integer underflow vulnerability that could be exploited if a user opens a malicious file. The exploitation occurs within the context of the current user.
Adobe Illustrator for iPad Integer Underflow Vulnerability Leading to Arbitrary Code Execution
A vulnerability allowing arbitrary code execution has been identified in Adobe Illustrator on iPad, affecting versions 3.0.7 and earlier. This issue arises from an integer underflow vulnerability that could be exploited if a user opens a malicious file. The execution of arbitrary code would occur in the context of the current user.
Adobe Substance 3D Stager Out-of-Bounds Write Vulnerability Leading to Arbitrary Code Execution
An out-of-bounds write vulnerability has been identified in Adobe Substance 3D Stager versions through 3.0.4. This vulnerability could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file.
Adobe Substance 3D Stager Out-of-Bounds Write Vulnerability Leading to Arbitrary Code Execution
An out-of-bounds write vulnerability has been identified in Adobe Substance 3D Stager versions 3.0.4 and earlier. This vulnerability could allow for arbitrary code execution in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file.
Adobe Substance 3D Stager Out-of-Bounds Write Vulnerability Leading to Arbitrary Code Execution
An out-of-bounds write vulnerability has been identified in Adobe Substance 3D Stager versions 3.0.4 and earlier. This vulnerability could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file.
Adobe Substance 3D Stager Heap-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
A heap-based buffer overflow vulnerability has been identified in Adobe Substance 3D Stager versions through 3.0.4. This vulnerability could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file.
Adobe Substance 3D Stager Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
A stack-based buffer overflow vulnerability has been identified in Adobe Substance 3D Stager versions through 3.0.4. This vulnerability could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file.
Adobe Photoshop Desktop Uncontrolled Search Path Element Vulnerability Leading to Arbitrary Code Execution
A vulnerability allowing arbitrary code execution has been identified in Adobe Photoshop Desktop versions 25.12, 26.1 and earlier. This issue arises from an Uncontrolled Search Path Element vulnerability, where an attacker can manipulate the search path environment variable to direct the application to a malicious library. When the application loads this library, it can execute arbitrary code. Exploitation of this vulnerability requires user interaction, as the victim must manually run the affected application.
Adobe Photoshop Desktop Integer Underflow Vulnerability Leading to Arbitrary Code Execution
An integer underflow vulnerability has been identified in Adobe Photoshop Desktop versions 25.12, 26.1 and earlier. This vulnerability could lead to arbitrary code execution within the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file.
Invoice Ninja Authenticated Server-Side Request Forgery Vulnerability Allowing Arbitrary File Read and Network Resource Requests
A server-side request forgery (SSRF) vulnerability has been identified in Invoice Ninja versions 5.8.56 prior to 5.11.23. This vulnerability allows authenticated users to make arbitrary file read requests and access network resources on behalf of the application user.
Django Denial-of-Service Vulnerability in IPv6 Validation
A denial-of-service vulnerability has been identified in Django versions 5.1 prior to 5.1.5, 5.0 prior to 5.0.11, and 4.2 prior to 4.2.18. The issue arises from a lack of upper-bound limit enforcement in strings used for IPv6 validation, potentially leading to a denial-of-service attack. This vulnerability affects the private functions 'clean_ipv6_address' and 'is_valid_ipv6_address', as well as the 'django.forms.GenericIPAddressField' form field. However, the 'django.db.models.GenericIPAddressField' model field is not affected.
Git Credential Manager Carriage Return Handling Vulnerability Allows Credential Injection
A vulnerability exists in Git Credential Manager (GCM) due to improper handling of Carriage Return characters in URLs. This issue arises because Git and GCM interpret newlines differently, leading to a scenario where credentials for one server can be mistakenly sent to another. The vulnerability affects GCM versions through 2.6.0 and has been patched in 2.6.1. Users are advised to upgrade or, if unable to do so, to avoid cloning from untrusted URLs, especially with the recursive option.
Git Credential Handling Vulnerability Allows Credential Misleading via Control Sequences
A vulnerability in Git's credential handling can mislead users into providing sensitive information, such as passwords, for trusted Git hosting sites. This occurs when Git prompts for credentials in the terminal without using a credential helper. The vulnerability is present in Git versions 2.48.0 through 2.47.1, 2.46.2 through 2.45.2, 2.44.2, 2.43.5, 2.42.3, 2.41.2, and 2.40.3. During the credential prompt, Git prints the host name with any URL-encoded parts decoded, allowing attackers to craft URLs with ANSI escape sequences. These sequences can confuse users into sending passwords to untrusted sites under the attacker's control.
Git Credential Manager Carriage-Return Character Handling Vulnerability Allows Credential Leakage
A vulnerability in Git Credential Manager (GCM) exists due to improper handling of carriage-return characters in the Git credential protocol. GCM, a secure credential helper built on .NET, reads credentials from standard input as key-value pairs. While Git treats carriage-return characters as invalid, GCM's underlying .NET implementation considers them as newlines. This discrepancy allows attackers to craft malicious URLs that, when accessed, can leak credentials for other Git remotes. The issue is exacerbated when cloning repositories with submodules using the '--recursive' option, as submodule URLs cannot be inspected beforehand.
Rasa Remote Code Execution Vulnerability via Malicious Model Loading
A critical remote code execution vulnerability has been identified in Rasa Open Source versions prior to 3.6.21 and Rasa Pro versions prior to 3.10.12, 3.9.16, and 3.8.18. The vulnerability allows an attacker to execute arbitrary code by loading a maliciously crafted model into a Rasa instance. This issue arises when the HTTP API is enabled without proper authentication or security controls, creating an opportunity for exploitation.
QNX SDP PCX Image Codec NULL Pointer Dereference Vulnerability Allowing Denial-of-Service
A NULL pointer dereference vulnerability has been identified in the PCX image codec of QNX Software Development Platform (SDP) versions 8.0, 7.1, and 7.0. This vulnerability could allow an unauthenticated attacker to induce a denial-of-service condition in the process utilizing the image codec by forcing the system to parse a maliciously crafted PCX format image file.
QNX SDP PCX Image Codec Out-of-Bounds Write Vulnerability Allowing Code Execution or Denial-of-Service
An out-of-bounds write vulnerability has been identified in the PCX image codec of QNX Software Development Platform (SDP) versions 8.0, 7.1, and 7.0. This vulnerability could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec. The vulnerability arises when the image codec is induced to parse a maliciously crafted PCX format image file.
QNX SDP TIFF Image Codec Out-of-Bounds Read Vulnerability Allowing Information Disclosure
An out-of-bounds read vulnerability has been identified in the TIFF image codec of QNX Software Development Platform (SDP) versions 8.0, 7.1, and 7.0. This vulnerability could allow an unauthenticated attacker to cause information disclosure in the context of the process using the image codec, by inducing the system to parse a maliciously crafted TIFF image file.
QNX SDP TIFF Image Codec Off-by-One Error Vulnerability Allowing Information Disclosure
An off-by-one error vulnerability has been identified in the TIFF image codec of QNX Software Development Platform (SDP) versions 8.0, 7.1, and 7.0. This vulnerability could allow an unauthenticated attacker to cause information disclosure within the context of the process using the image codec. The issue arises when the system is induced to parse a maliciously crafted TIFF image file.
Wildfly HAL Console Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability has been identified in the HAL Console component of Wildfly. This issue arises because the application fails to properly sanitize user input before it is displayed on web pages served to other users. To exploit this vulnerability, an attacker must be authenticated and belong to one of the following management groups: 'SuperUser', 'Admin', or 'Maintainer'.
HPE Aruba Networking AOS-8 and AOS-10 Command Injection Vulnerability Allowing Arbitrary Code Execution
An authenticated command injection vulnerability has been identified in the command line interface of HPE Aruba Networking AOS-8 and AOS-10 operating systems. This vulnerability allows attackers to execute arbitrary commands as a privileged user on the underlying operating system. The issue affects HPE Aruba Networking Mobility Conductors, Controllers, and WLAN and SD-WAN Gateways managed by HPE Aruba Networking Central, specifically in AOS-10.4.x.x versions through 10.4.1.4, and AOS-8.12.x.x versions through 8.12.0.2, as well as AOS-8.10.x.x versions through 8.10.0.14.
HPE Aruba Networking AOS-8 and AOS-10 Authenticated Parameter Injection Vulnerability Allowing Arbitrary File Overwrite
A vulnerability allowing authenticated parameter injection has been identified in the web-based management interface of HPE Aruba Networking AOS-8 and AOS-10 operating systems. This vulnerability could be exploited by an authenticated user to overwrite arbitrary system files.
XWiki Platform Realtime WYSIWYG Editor Privilege Escalation Vulnerability
A privilege escalation vulnerability has been identified in the XWiki Platform Realtime WYSIWYG Editor extension, affecting versions 13.9-rc-1 prior to 15.10.12, 13.9-rc-1 prior to 16.4.1, and 13.9-rc-1 prior to 16.6.0-rc-1. In the vulnerable versions, a user with edit rights can join a realtime editing session where other participants have script or programming access. This user can insert script rendering macros that are executed for those with script rights in the session, potentially leading to unauthorized access rights. The vulnerability arises because the realtime editing feature, which was experimental and not recommended in the affected versions, has become enabled by default in XWiki 16.9.0.
Vyper EcRecover and Identity Precompile Success Flag Bypass Vulnerability
A vulnerability exists in the Vyper compiler versions through 0.4.0, where calls to the Ethereum precompiles EcRecover (0x1) and Identity (0x4) do not properly check for successful execution. This oversight allows an attacker to manipulate the gas provided to these calls, potentially causing incorrect execution results while exploiting the EVM's gas handling rules. After a failed precompile call, only a fraction of the original gas remains, limiting the complexity of subsequent operations. Although this issue has been addressed in Vyper version 0.4.1, it could lead to unintended consequences in smart contracts that rely on the affected precompiles.
Microsoft Windows Telephony Service Remote Code Execution Vulnerability
A remote code execution vulnerability has been identified in the Windows Telephony Service. This issue allows an attacker to execute arbitrary code on the affected system. The vulnerability arises from a heap-based buffer overflow.
Microsoft Windows Telephony Service Remote Code Execution Vulnerability
A remote code execution vulnerability has been identified in the Windows Telephony Service. This vulnerability allows an attacker to execute arbitrary code on the affected system. It is present in multiple versions of Windows Server, including 2012 R2, 2008 R2, and 2008, as well as in Windows Server 2012 (Server Core installation). The vulnerability arises from a heap-based buffer overflow, which can be exploited by tricking a user into sending a request to a malicious server that returns harmful data.
Microsoft Windows Telephony Service Remote Code Execution Vulnerability
A remote code execution vulnerability has been identified in the Windows Telephony Service. This vulnerability allows an attacker to execute arbitrary code on the affected system. It is present in several versions of Windows Server and Windows 10, as well as in Windows 11. The vulnerability arises from a heap-based buffer overflow, which can be exploited by tricking a user into sending a request to a malicious server that returns harmful data.
Microsoft Windows Telephony Service Remote Code Execution Vulnerability
A remote code execution vulnerability has been identified in the Windows Telephony Service. This issue allows an attacker to execute arbitrary code on the affected system.
Visual Studio Elevation of Privilege Vulnerability
An elevation of privilege vulnerability has been identified in Visual Studio. This issue allows an attacker to gain higher privileges than intended, potentially leading to unauthorized actions or access within the application.
Microsoft On-Premises Data Gateway Information Disclosure Vulnerability
A vulnerability allowing information disclosure has been identified in the Microsoft On-Premises Data Gateway. This issue arises when a SAP HANA data source is configured to use single sign-on (SSO). Successful exploitation could allow an attacker to access data from the targeted Power BI dashboard, depending on the privileges of the compromised user.
Microsoft OneNote Remote Code Execution Vulnerability
A remote code execution vulnerability has been identified in Microsoft Office OneNote. This issue affects multiple versions of OneNote for Mac, as well as Office LTSC for Mac 2024 and 2021. The vulnerability arises from improper restrictions on file names and resources, allowing for unauthorized code execution.
Microsoft Access Remote Code Execution Vulnerability
A remote code execution vulnerability has been identified in Microsoft Access. This issue allows an attacker to execute arbitrary code on the affected system.
Microsoft SharePoint Server Spoofing Vulnerability
A spoofing vulnerability has been identified in Microsoft SharePoint Server. This vulnerability allows an attacker to impersonate another user, potentially leading to unauthorized access or actions within the SharePoint environment.
Microsoft Windows upnphost.dll Denial-of-Service Vulnerability
A denial-of-service vulnerability has been identified in the Windows upnphost.dll component. This issue can lead to a disruption of service, causing applications or services to become unresponsive or unavailable.
Microsoft Windows Graphics Component Elevation of Privilege Vulnerability
An elevation of privilege vulnerability has been identified in the Windows Graphics Component. This vulnerability allows an attacker to gain higher privileges on the system.
