Design/Logic Flaw

SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the sqlpage/sqlpage.json configuration file not in an environment variable, with the webroot is the current working...

CVE-2023-42454 SQLpage vulnerable to public exposure of database credentials

SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the sqlpage/sqlpage.json configuration file not in an environment variable, with the webroot is the current working...

Karenderia MRS 5.3 Directory Traversal

==================================================================================================================================== | Title : Karenderia MRS v5.3 Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

CuppaCMS 代码注入漏洞

CuppaCMS is a content management system CMS. A code execution vulnerability exists in CuppaCMS v1.0, which stems from the emailoutgoing parameter of the /Configuration.php file failing to properly filter the special elements of a constructed snippet. An attacker can exploit this vulnerability to...

CVE-2023-41057

hyper-bump-it is a command line tool for updating the version in project files.hyper-bump-it reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched fil...

CVE-2023-41057 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it

hyper-bump-it is a command line tool for updating the version in project files.hyper-bump-it reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched fil...

CVE-2023-41057 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it

hyper-bump-it is a command line tool for updating the version in project files.hyper-bump-it reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched fil...

CVE-2023-41057 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it

hyper-bump-it is a command line tool for updating the version in project files.hyper-bump-it reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched fil...

GHSA-XC27-F9Q3-4448 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it

Summary hyper-bump-it reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched files should be contained within the project root directory, but that is n...

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it

Summary hyper-bump-it reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched files should be contained within the project root directory, but that is n...

Design/Logic Flaw

Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A Cybersecurity tag dated 20230522 for more details. This issue affects...

CVE-2023-34391 Insecure Inherited Permissions

Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A Cybersecurity tag dated 20230522 for more details. This issue affects...

CVE-2023-34391

CVE-2023-34391 concerns an insecure inherited permissions vulnerability in Schweitzer Engineering Laboratories’ SEL-5033 AcSELerator RTAC Software running on Windows. The issue stems from insecure/inherited configuration file search paths, enabling manipulation of configuration files by an attack...

CVE-2023-34391 Insecure Inherited Permissions

Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A Cybersecurity tag dated 20230522 for more details. This issue affects...

CVE-2023-30079

A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow that results in a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options don't meet th...

CVE-2023-30078

A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow that results in a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options don't meet th...

subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...

subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...

CVE-2023-40354

An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08....

Amazon Linux 2 : python-configobj (ALAS-2023-2188)

The version of python-configobj installed on the remote host is prior to 4.7.2-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2188 advisory. All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate...