229 matches found
CVE-2023-51708
Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For...
CVE-2023-51708
Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For...
Information disclosure
Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For...
CVE-2023-51708
Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For...
CVE-2023-51708
Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For...
How to Configure Advanced Syslog Integration Options
Purpose This article documents advanced configuration options for syslog integration with Veeam Backup & Replication, a new feature starting in version 12.1. Solution The following advanced configuration options are available: Add BOM Before MSG Field Add the Unicode byte order mask BOM before th...
CVE-2023-5752
A flaw was found in the Python pip package. The pip could allow a local authenticated attacker to bypass security restrictions due to a flaw when installing a package from a Mercurial VCS URL. By sending a specially crafted request, an attacker can inject arbitrary configuration options to the "h...
Command Injection
pip is vulnerable to Command Injection. While installing a package from Mercurial VCS URL, a specified mercurial URL could be used to inject arbitrary configuration options to the hg clone call. Controlling the Mercurial configuration can modify how and which repository is installed...
Input validation
Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require...
Input validation
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device...
CVE-2023-20219
Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require...
Command Injection in pip when used with Mercurial
When installing a package from a Mercurial VCS URL, e.g. pip install hg+..., with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call e.g. --config. Controlling the Mercurial configuration can modify how and which...
PT-2023-7006
Name of the Vulnerable Software and Affected Versions pip versions prior to v23.3 Description The issue is related to the injection of arbitrary configuration options to the "hg clone" call when installing a package from a Mercurial VCS URL using pip. This can modify how and which repository is...
Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries
Impact An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user accou...
Cross site scripting
An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub several JavaScript-based view nodes do not sanitize the data that is displayed by...
CVE-2023-5562 Unsafe default allows for cross-site scripting attacks in KNIME Server and KNIME Business Hub
An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub several JavaScript-based view nodes do not sanitize the data that is displayed by...
PT-2023-26856 · Aruba · Arubaos-Switch
Name of the Vulnerable Software and Affected Versions: ArubaOS-Switch affected versions not specified Description: A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting XSS attack against a user of th...
Return Address Security Bulletin
Bulletin ID: AMD-SB-7005 Potential Impact: Data Confidentiality Severity: Medium Summary AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. The attack can result in speculative execution at an attacker-controlled address, potentially leading ...
CVE-2020-36716
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setuppage function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard if it has not been run previously and...
Authorization
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setuppage function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard if it has not been run previously and...