OBS-Vigilance

| Title | Description | Date |
| --- | --- | --- |
| Go libraries: five vulnerabilities dated 07/03/2024 | An attacker can use several vulnerabilities of Go libraries, dated 07/03/2024... | |
| body-parser: overload via URL Encoding | An attacker can trigger an overload of body-parser, via URL Encoding, in order to trigger a denial of service... | |
| serve-static: code execution via redirect() | An attacker can use a vulnerability of serve-static, via redirect(), in order to run code... | |
| Send: code execution via SendStream.redirect() | An attacker can use a vulnerability of Send, via SendStream.redirect( | |
| Webpack: Cross Site Scripting via DOM Clobbering | An attacker can trigger a Cross Site Scripting of Webpack, via DOM Clobbering, in order to run JavaScript code in the context of the web site... | |
| WEBrick: header injection via Content-Length / Transfer-Encoding | An attacker can add new headers on WEBrick, via Content-Length / Transfer-Encoding, in order to alter the service behavior... | |
| NLnet Labs Unbound: overload via EDE | An attacker can trigger an overload of NLnet Labs Unbound, via EDE, in order to trigger a denial of service... | |
| Joomla HikaShop: Cross Site Scripting via Backend | An attacker can trigger a Cross Site Scripting of Joomla HikaShop, via Backend, in order to run JavaScript code in the context of the web site... | |
| GitLab CE/EE: three vulnerabilities dated 07/03/2024 | An attacker can use several vulnerabilities of GitLab CE/EE, dated 07/03/2024... | |
| Cacti: four vulnerabilities dated 07/10/2024 | An attacker can use several vulnerabilities of Cacti, dated 07/10/2024... | |