4651 matches found

Prion
added 2023/06/27 5:15 p.m., 15 views

Design/Logic Flaw

Shopware is an open source e-commerce software. Due to an incorrect configuration in the .htaccess file, the JavaScript configuration file (themes/package-lock.json) could be read in production environments. With this information, the specific Shopware version in a deployment might be...

5 CVSS, 5.1 AI score, 0.00274 EPSS
Exploits 0, References 4, Affected Software 1
CVE
added 2023/06/27 4:25 p.m., 43 views

CVE-2023-34098

CVE-2023-34098 affects Shopware (open source e-commerce software). A misconfigured .htaccess allows reading the JavaScript configuration file in production environments (themes/package-lock.json), enabling an attacker to determine the specific Shopware version deployed. This is an information-disc...

5.3 CVSS, 5.1 AI score, 0.00274 EPSS
Exploits 0, References 4, Affected Software 1
Prion
added 2023/06/23 10:15 p.m., 18 views

Command injection

jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lea...

6.5 CVSS, 9.2 AI score, 0.00857 EPSS
Exploits 0, References 2, Affected Software 1
Kitploit
added 2023/06/18 12:30 p.m., 17 views

LSMS - Linux Security And Monitoring Scripts

These are a collection of security and monitoring scripts you can use to monitor your Linux installation for security-related events or for an investigation. Each script works on its own and is independent of other scripts. The scripts can be set up to either print out their results, send them to...

7.4 AI score
Exploits 0, References 18
OSV
added 2023/06/15 7:27 a.m., 2 views

MGASA-2023-0198 Updated cups packages fix security vulnerability

A heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function 'format_log_line' could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when...

7.5 CVSS, 7.5 AI score, 0.00148 EPSS
Exploits 1, References 3
NVD
added 2023/06/14 10:15 p.m., 13 views

CVE-2023-34252

Grav is a flat-file content management system. Prior to version 1.7.42, there is a logic flaw in the GravExtension.filterFilter function whereby validation against a denylist of unsafe functions is only performed when the argument passed to filter is a string. However, passing an array as a...

8.8 CVSS, 8.8 AI score, 0.00529 EPSS
Exploits 1, References 4
Cvelist
added 2023/06/14 9:38 p.m., 19 views

CVE-2023-34252 Grav Server-side Template Injection via Insufficient Validation in filterFilter

Grav is a flat-file content management system. Prior to version 1.7.42, there is a logic flaw in the GravExtension.filterFilter function whereby validation against a denylist of unsafe functions is only performed when the argument passed to filter is a string. However, passing an array as a...

8.8 CVSS, 9 AI score, 0.00529 EPSS
Exploits 1, References 4
UbuntuCve
added 2023/06/14 8:15 a.m., 21 views

CVE-2023-30631

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file. This issue affects Apache Traffic Server:...

7.5 CVSS, 7.1 AI score, 0.00662 EPSS
Exploits 0, References 2
Tenable Nessus
added 2023/06/07 12:0 a.m., 16 views

EulerOS Virtualization 2.11.0 : grub2 (EulerOS-SA-2023-2095)

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing...

8.6 CVSS, 7.3 AI score, 0.0012 EPSS
Exploits 0, References 4
Tenable Nessus
added 2023/06/05 12:0 a.m., 14 views

Schweitzer Engineering Laboratories RTAC Improper Input Validation (CVE-2023-31162)

An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file. See SEL Service Bulletin dated 2022-11-15 for more...

4.8 CVSS, 5.3 AI score, 0.00135 EPSS
Exploits 0, References 3
OpenVAS
added 2023/06/05 12:0 a.m., 9 views

Debian: Security Advisory (DLA-3440-1)

The remote host is missing an update for the Debian...

7.5 CVSS, 6.4 AI score, 0.00148 EPSS
Exploits 1, References 4
Veracode
added 2023/06/03 7:14 p.m., 24 views

Denial Of Service (DoS)

OpenPrinting CUPS is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the heap buffer overflow in the format_log_line of the library, which allows an attacker to cause an application crash when the configuration file cupsd.conf sets the value of loglevel to DEBUG...

7.5 CVSS, 7.3 AI score, 0.00148 EPSS
Exploits 1, References 7, Affected Software 1
Vulnrichment
added 2023/06/02 3:19 p.m., 8 views

CVE-2023-34094 ChuanhuChatGPT vulnerable to unauthorized configuration file access

ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanhuChatGPT project, when authentication is not configured. The attacker can...

7.5 CVSS, 6.9 AI score, 0.00277 EPSS
Exploits 0, References 2
Tenable Nessus
added 2023/06/02 12:0 a.m., 20 views

Slackware Linux 14.2 / 15.0 / current cups Vulnerability (SSA:2023-153-01)

The version of cups installed on the remote host is prior to 2.1.4 / 2.4.3. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-153-01 advisory. - OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would...

7.5 CVSS, 6.8 AI score, 0.00148 EPSS
Exploits 1, References 2
Tenable Nessus
added 2023/06/02 12:0 a.m., 22 views

SUSE SLES12 Security Update : cups (SUSE-SU-2023:2346-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2346-1 advisory. - OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remot...

7.5 CVSS, 6.8 AI score, 0.00148 EPSS
Exploits 1, References 4
Tenable Nessus
added 2023/06/02 12:0 a.m., 23 views

Debian dla-3440 : cups - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3440 advisory. Debian LTS Advisory DLA-3440-1 https://www.debian.org/lts/security/...

7.5 CVSS, 6.9 AI score, 0.00148 EPSS
Exploits 1, References 4
Prion
added 2023/06/01 5:15 p.m., 41 views

Heap overflow

OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function format_log_line could allow remote attackers to cause a DoS ...

1.9 CVSS, 5.7 AI score, 0.00148 EPSS
Exploits 1, References 2, Affected Software 2
OSV
added 2023/06/01 4:4 p.m., 68 views

CVE-2023-32324 OpenPrinting CUPS vulnerable to heap buffer overflow

OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function format_log_line could allow remote attackers to cause a DoS ...

7.5 CVSS, 6.6 AI score, 0.00148 EPSS
Exploits 1, References 4
Cvelist
added 2023/06/01 4:4 p.m., 21 views

CVE-2023-32324 OpenPrinting CUPS vulnerable to heap buffer overflow

OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function format_log_line could allow remote attackers to cause a DoS ...

7.5 CVSS, 7.6 AI score, 0.00148 EPSS
Exploits 1, References 2
AlpineLinux
added 2023/06/01 4:4 p.m., 33 views

CVE-2023-32324

OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function format_log_line could allow remote attackers to cause a DoS ...

7.5 CVSS, 7.1 AI score, 0.00148 EPSS
Exploits 1