
25 matches found

AstraLinux
added 2026/05/03 11:59 p.m. · 5 views

Astra Linux - vulnerability in linux

The bpf verifier in the Linux kernel failed to properly handle truncation of the mod32 destination register when the source register was known to be 0. A local attacker who had the ability to load bpf programs could exploit this vulnerability by performing out-of-bounds reads in kernel memory,...

CVSS: 7.8 · AI score: 6.7 · EPSS: 0.00031
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-23766

Malicious code in bioql PyPI...

CVSS: 8.8 · AI score: 8.6 · EPSS: 0.00722
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 9:21 a.m. · 1 views

CVE-2024-1577

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2...

CVSS: 9.8 · AI score: 8.4 · EPSS: 0.02294
Exploits: 0 · References: 1
NVD
added 2024/10/30 4:15 p.m. · 20 views

CVE-2024-50344

I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the application context...

CVSS: 4.6 · EPSS: 0.00338
Exploits: 0 · References: 2
OSV
added 2024/10/30 3:51 p.m. · 9 views

CVE-2024-50344 I, Librarian has a Stored XSS vulnerability in Supplemental Files

I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the application context...

CVSS: 4.6 · AI score: 7 · EPSS: 0.00338
Exploits: 0 · References: 4
Cvelist
added 2024/10/30 3:51 p.m. · 15 views

CVE-2024-50344 I, Librarian has a Stored XSS vulnerability in Supplemental Files

I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the application context...

CVSS: 4.6 · EPSS: 0.00338
Exploits: 0 · References: 2
Vulnrichment
added 2024/10/30 3:51 p.m. · 17 views

CVE-2024-50344 I, Librarian has a Stored XSS vulnerability in Supplemental Files

I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the application context...

CVSS: 4.6 · AI score: 6.9 · EPSS: 0.00338
Exploits: 0 · References: 2
CVE
added 2024/10/30 3:51 p.m. · 49 views

CVE-2024-50344

I, Librarian is affected by a vulnerability in its handling of Supplemental Files. Versions prior to 5.11.2 allow unsafe files containing JavaScript to execute within the application context due to broken MIME-type whitelisting. The issue can be triggered by uploading a malicious file and has bee...

CVSS: 4.6 · AI score: 4.7 · EPSS: 0.00338
Exploits: 0 · References: 2
Github Security Blog
added 2024/03/06 5:1 p.m. · 19 views

PocketMine-MP BookEditPacket crash when inventory slot in the packet is invalid

Summary: If a client sends a BookEditPacket with InventorySlot greater than 35, the server will crash due to an unhandled exception thrown by BaseInventory-getItem. Details: Crashes at...

AI score: 7
Exploits: 0 · References: 4 · Affected Software: 1
Tenable Nessus
added 2023/09/21 12:0 a.m. · 77 views

Nagios XI < 5.11.2 Multiple Vulnerabilities

According to the self-reported version of Nagios XI, the remote host is affected by multiple vulnerabilities, including the following: - A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via t...

CVSS: 8.8 · AI score: 7.5 · EPSS: 0.87753
Exploits: 3 · References: 6
OSV
added 2023/04/05 7:15 p.m. · 0 views

CVE-2023-1522

SQL Injection in the Hardware Inventory report of Security Center 5.11.2...

CVSS: 8.8 · AI score: 7.4 · EPSS: 0.00722
Exploits: 0 · References: 1
NVD
added 2023/04/05 7:15 p.m. · 10 views

CVE-2023-1522

SQL Injection in the Hardware Inventory report of Security Center 5.11.2...

CVSS: 8.8 · AI score: 9.1 · EPSS: 0.00722
Exploits: 0 · References: 1
Vulnrichment
added 2023/04/05 6:51 p.m. · 3 views

CVE-2023-1522

SQL Injection in the Hardware Inventory report of Security Center 5.11.2...

AI score: 9.2 · EPSS: 0.00722
Exploits: 0 · References: 1
CVE
added 2023/04/05 6:51 p.m. · 43 views

CVE-2023-1522

CVE-2023-1522 affects Genetec Security Center, specifically the SQL injection vulnerability in the Hardware Inventory report, observed in version 5.11.2. The public descriptions across multiple sources concur that the issue arises from a SQL injection in the Hardware Inventory report component, w...

CVSS: 8.8 · AI score: 9.1 · EPSS: 0.00722
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/04/05 6:51 p.m. · 12 views

CVE-2023-1522

SQL Injection in the Hardware Inventory report of Security Center 5.11.2...

AI score: 9.4 · EPSS: 0.00722
Exploits: 0 · References: 1
Positive Technologies
added 2023/04/05 12:0 a.m. · 1 views

PT-2023-17050 · Unknown · Securitycenter

Name of the Vulnerable Software and Affected Versions: Security Center version 5.11.2 Description: The issue is related to SQL Injection in the Hardware Inventory report. Recommendations: For Security Center version 5.11.2, update to a version that contains a fix for this issue...

CVSS: 8.8 · AI score: 8.3 · EPSS: 0.00722
Exploits: 0 · References: 5
OSV
added 2021/12/01 5:15 p.m. · 1 views

CVE-2021-42776

CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import...

CVSS: 7.7 · AI score: 5.8
Exploits: 0 · References: 2
CNNVD
added 2021/05/06 12:0 a.m. · 1 views

WordPress cross-site request forgery vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress Business Directory Plugin versions...

CVSS: 4.3 · AI score: 5.8 · EPSS: 0.00142
Exploits: 2 · References: 2
Tibco
added 2021/04/17 12:1 a.m. · 13 views

TIBCO Security Advisory: April 20, 2021 - TIBCO Administrator - Enterprise Edition -2021-28829

TIBCO Administrator CSV injection vulnerability Original release date: April 20, 2021 Last revised: CVE-2021-28829 Source: TIBCO Software Inc. Products Affected TIBCO Administrator - Enterprise Edition versions 5.10.2 and below TIBCO Administrator - Enterprise Edition versions 5.11.0 and 5.11.1...

CVSS: 8 · AI score: 7.4 · EPSS: 0.00275
Exploits: 0 · Affected Software: 2
Tibco
added 2021/04/15 10:32 p.m. · 12 views

TIBCO Security Advisory: April 20, 2021 - TIBCO Administrator - Enterprise Edition -2021-28827

TIBCO Administrator Stored Cross Site Scripting vulnerability Original release date: April 20, 2021 Last revised: CVE-2021-28827 Source: TIBCO Software Inc. Products Affected TIBCO Administrator - Enterprise Edition versions 5.10.2 and below TIBCO Administrator - Enterprise Edition versions 5.11.0...

CVSS: 9.6 · AI score: 8.9 · EPSS: 0.00609
Exploits: 0 · Affected Software: 2