Ghost

**Name of the Vulnerable Software and Affected Versions** Drupal core versions 8.0.0 through 10.3.12 Drupal core versions 10.4.0 through 10.4.2 Drupal core versions 11.0.0 through 11.0.11 Drupal core versions 11.1.0 through 11.1.2 **Description** The issue is related to an Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability, which allows Object Injection in Drupal core. **Recommendations** For versions 8.0.0 through 10.3.12, update to version 10.3.13 or later. For versions 10.4.0 through 10.4.2, update to version 10.4.3 or later. For versions 11.0.0 through 11.0.11, update to version 11.0.12 or later. For versions 11.1.0 through 11.1.2, update to version 11.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** robdns version d76d2e6 **Description** A heap overflow was discovered in robdns via the component `block->filename` at `/src/zonefile-insertion.c`. **Recommendations** For version d76d2e6, consider restricting access to the vulnerable component `block->filename` until a patch is available. As a temporary workaround, avoid using the `block->filename` component in the affected `/src/zonefile-insertion.c` file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** robdns version d76d2e6 **Description** A misaligned address was discovered in the robdns commit d76d2e6 at the `/src/zonefile-insertion.c` location. **Recommendations** For version d76d2e6, consider updating to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** smartdns version 54b4dc **Description** A misaligned address was discovered at smartdns/src/dns.c in smartdns commit 54b4dc. **Recommendations** For smartdns version 54b4dc, update to a version that fixes the misaligned address issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** smartdns version 54b4dc **Description** A misaligned address was discovered at smartdns/src/util.c in smartdns commit 54b4dc. **Recommendations** For version 54b4dc, consider updating to a newer version that addresses the misaligned address issue at smartdns/src/util.c. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JHipster generator-jhipster versions prior to 2.23.0 **Description** The issue allows for a timing attack against the `validateToken` function due to a string comparison that stops at the first different character. This enables attackers to guess tokens through brute force, one character at a time, by observing the timing. The search space is reduced to a linear amount of guesses based on the token length times the possible characters. **Recommendations** For versions prior to 2.23.0, update to version 2.23.0 or later to resolve the issue. As a temporary workaround, consider implementing a constant-time comparison for the `validateToken` function to prevent timing attacks.

**Name of the Vulnerable Software and Affected Versions** ImageMagick (affected versions not specified) **Description** A heap-based buffer overflow issue was found in ImageMagick's `PushCharPixel()` function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dzzoffice version 2.02.1 SC UTF8 **Description** The issue is related to incorrect access control in the component "/index.php?mod=system&op=orgtree" of dzzoffice, allowing unauthenticated attackers to browse departments and usernames. **Recommendations** For dzzoffice version 2.02.1 SC UTF8, consider restricting access to the "/index.php?mod=system&op=orgtree" endpoint to prevent unauthenticated browsing of departments and usernames.

**Name of the Vulnerable Software and Affected Versions** dzzoffice version 2.02.1 SC UTF8 **Description** A reflected cross-site scripting issue allows attackers to execute arbitrary web scripts or HTML by exploiting the zero parameter. **Recommendations** For dzzoffice version 2.02.1 SC UTF8, consider restricting access to the vulnerable parameter to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GreenCMS version 2.3 **Description** A Cross Site Request Forgery issue allows an attacker to gain privileges via the `adduser` function of "index.php". **Recommendations** For GreenCMS version 2.3, consider disabling the `adduser` function in "index.php" as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Faveo Helpdesk versions 1.0 through 1.11.1 **Description** The issue arises from a lack of validation on user input data during the login process. This allows parameters passed from the front end to the back end to be controlled, leading to SQL injection. **Recommendations** For Faveo Helpdesk versions 1.0 through 1.11.1, consider validating user input data to prevent SQL injection attacks. As a temporary workaround, restrict access to sensitive database operations until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** rizin (affected versions not specified) **Description** A flaw was found in the create section from phdr function, which allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads, leading to memory corruption and possibly code execution through the binary object's callback function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jocms version 0.8 **Description** The issue allows remote attackers to execute arbitrary SQL commands and view sensitive information. This is achieved via the `jo delete mask` function in `jocms/apps/mask/mask.php`. **Recommendations** For jocms version 0.8, consider disabling the `jo delete mask` function in `jocms/apps/mask/mask.php` as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** jocms version 0.8 **Description** The issue allows remote attackers to execute arbitrary SQL commands and view sensitive information. This is achieved via the `jo json check` function in `jocms/apps/mask/inc/getmask.php`. **Recommendations** For jocms version 0.8, consider restricting access to the `jo json check` function in `jocms/apps/mask/inc/getmask.php` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** jocms version 0.8 **Description** The issue allows remote attackers to execute arbitrary SQL commands and view sensitive information. This is achieved via the `jo json check()` function in `jocms/apps/mask/inc/mask.php`. **Recommendations** For jocms version 0.8, consider disabling the `jo json check()` function until a patch is available to prevent exploitation. Restrict access to the `mask.php` file to minimize the risk of SQL injection attacks. Avoid using the `jo json check()` function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jocms version 0.8 **Description** The issue allows remote attackers to execute arbitrary SQL commands and view sensitive information. This is achieved via the `jo set mask()` function in `jocms/apps/mask/mask.php`. **Recommendations** For jocms version 0.8, consider disabling the `jo set mask()` function as a temporary workaround until a patch is available. Restrict access to the `mask.php` file in the `jocms/apps/mask` directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Feehi CMS versions prior to 2.1.2 **Description** The issue allows attackers to run arbitrary code via a crafted image upload, exploiting a File Upload vulnerability. **Recommendations** For Feehi CMS versions prior to 2.1.2, update to version 2.1.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Feehi CMS versions 2.1.1 and earlier **Description** The issue allows attackers to run arbitrary code via the `user name` field of the "/login" API endpoint. This is a Cross Site Scripting (XSS) issue, which means attackers can inject malicious scripts into the website, potentially leading to unauthorized access or control. **Recommendations** For Feehi CMS versions 2.1.1 and earlier, as a temporary workaround, consider restricting access to the login page or validating and sanitizing the `user name` field to prevent malicious code injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AFDudley/equanimity versions prior to 2014-04-23 **Description** The issue allows absolute path traversal due to the unsafe use of the Flask send file function. **Recommendations** For versions prior to 2014-04-23, consider restricting access to the send file function until a patch is available. As a temporary workaround, avoid using the send file function with untrusted input.

**Name of the Vulnerable Software and Affected Versions** Atom02/flask-mvc versions prior to 2020-09-14 **Description** The issue allows absolute path traversal due to the unsafe use of the Flask send file function. **Recommendations** For versions prior to 2020-09-14, update to a version that safely utilizes the Flask send file function to prevent absolute path traversal.