CVE-2023-23348 HCL Launch is vulnerable to sensitive information disclosure
HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed...
CVE-2023-23348
Technical details describing affected component, versions, root cause, and exploit status are not publicly available in the provided documents. Monitor for updates from sources like NVD, CVE lists, and vendor advisories before assessing risk or remediation.
PT-2023-18920 · Hcl · Hcl Launch
Name of the Vulnerable Software and Affected Versions: HCL Launch affected versions not specified Description: The issue concerns the potential disclosure of sensitive information in HCL Launch if a manual edit of a configuration file has been performed. Recommendations: At the moment, there is n...
Stored XSS in description of theme
Description: The attacker can execute JavaScript code through the theme's description. Proof of Concept: Step 1: Choose any theme to upload (I used a copy of the vanilla theme). Open the theme folder and change the description tag of the config.xml file: vanilla Bootstrap Vanilla theme 16/10/2017 LimeSurvey GmbH...
CVE-2023-35890 IBM WebSphere Application Server information disclosure
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637...
PT-2023-25365 · Ibm · Ibm Websphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5 through 9.0 Description: The issue is caused by improper encoding in a local configuration file, which could provide weaker than expected security. Recommendations: For IBM WebSphere Application...
CVE-2023-36830
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...
Advisory ROSA-SA-2023-2181
Software: Grafana 6.7.4 OS: ROSA Virtualization 2.1 packageevrstring: grafana-6.7.4-3.rv3.src.rpm CVE-ID: CVE-2023-3128 BDU-ID: 2023-03343 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the Grafana web-based data submission tool is related to authentication bypass via spoofing. Exploitation of...
CVE-2023-36819 Knowage-Server vulnerable to Path traversal in download functionalities
Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to download templates hosted on the server. However, starting in the 6.x.x branch...
CVE-2023-36819
Knowage Server suffers a path-traversal vulnerability in the download template endpoint (/knowage/restful-services/dossier/importTemplateFile) for 6.x.x up to 8.1.7, where the templateName parameter is not sanitized, allowing crafted ../ sequences to escape the template directory and read arbitrary fi...
Remote Code Execution for 2.4.1 and earlier
Impact: OpenTSDB is vulnerable to a Remote Code Execution vulnerability by writing user-controlled input to a Gnuplot configuration file and running Gnuplot with the generated configuration. Patches: Patched in 07c4641471c6f5c2ab5aab615969e97211eb50d9 and further refined in...
CVE-2023-36812 Remote Code Execution in OpenTSDB
OpenTSDB is an open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to a Remote Code Execution vulnerability by writing user-controlled input to a Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...
PT-2023-25703 · Opentsdb · Opentsdb
Name of the Vulnerable Software and Affected Versions: OpenTSDB versions prior to 2.4.2 Description: OpenTSDB is vulnerable to Remote Code Execution by writing user-controlled input to the Gnuplot configuration file and running Gnuplot with the generated configuration. The issue has been patched ...
Input validation
XWiki Commons is the set of common modules used by other XWiki top-level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishi...
CVE-2023-36471 HTML sanitizer allows form elements in restricted in org.xwiki.commons:xwiki-commons-xml
XWiki Commons is the set of common modules used by other XWiki top-level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishi...
Amazon Linux 2023 : cups, cups-client, cups-devel (ALAS2023-2023-215)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-215 advisory. OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer...