| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially exposed through browser history, Referer headers, and proxy logs. Version 1.16.1 patches the issue. |
| An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges. |
| HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download any documents (PDFs, attachments) associated with any submission. The problem was patched in commit ceacd5f1476458792c44c6a993670f02c984b4a0. |
| Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature (`/api/v1/message/{ID}/html-check`) is designed to analyze HTML emails for compatibility. During this process, the `inlineRemoteCSS()` function automatically downloads CSS files from external `<link rel="stylesheet" href="...">` tags to inline them for testing. Version 1.28.3 fixes the issue. |
| Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance. |
| Tanium addressed an improper output sanitization vulnerability in Tanium Appliance. |
| Tanium addressed a documentation issue in Engage. |
| Tanium addressed an improper input validation vulnerability in Discover. |
| Tanium addressed an improper access controls vulnerability in Patch. |
| Tanium addressed an improper access controls vulnerability in Deploy. |
| Tanium addressed an improper link resolution before file access vulnerability in Enforce. |
| Tanium addressed an improper input validation vulnerability in Deploy. |
| HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. This issue has been patched in versions 9.0.892 and 9.1.893-beta. |
| Tanium addressed an uncontrolled resource consumption vulnerability in Connect. |
| Tanium addressed an information disclosure vulnerability in Threat Response. |
| Tanium addressed an information disclosure vulnerability in Threat Response. |
| Tanium addressed an improper input validation vulnerability in Tanium Appliance. |
| Tanium addressed an information disclosure vulnerability in Threat Response. |
| Tanium addressed an information disclosure vulnerability in Threat Response. |
| Tanium addressed an information disclosure vulnerability in Threat Response. |