Lucene search

8697 matches found

Cvelist
added 2023/06/07 11:24 p.m. · 17 views

CVE-2023-34238 Local File Inclusion vulnerability in Gatsby

Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contains a Local File Inclusion vulnerability in the file-code-frame and original-stack-frame paths, exposed when running the Gatsby develop server (gatsby develop). Any file in scope o...

4.3 CVSS · 5.5 AI score · 0.0103 EPSS
Exploits: 1 · References: 3
Vulnrichment
added 2023/06/07 11:24 p.m. · 8 views

CVE-2023-34238 Local File Inclusion vulnerability in Gatsby

Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contains a Local File Inclusion vulnerability in the file-code-frame and original-stack-frame paths, exposed when running the Gatsby develop server (gatsby develop). Any file in scope o...

4.3 CVSS · 5.2 AI score · 0.0103 EPSS
Exploits: 1 · References: 3
Prion
added 2023/06/07 6:15 p.m. · 19 views

Design/Logic Flaw

OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the...

5 CVSS · 5.3 AI score · 0.00323 EPSS
Exploits: 0 · References: 2 · Affected Software: 2
CVE
added 2023/06/07 5:6 p.m. · 49 views

CVE-2023-34234

OpenZeppelin Contracts’ Governor-related vulnerability (CVE-2023-34234) allows an attacker to frontrun the creation of a proposal, enabling the attacker to become the proposer and repeatedly cancel proposals. Affected: Governor (v4.9.0) and GovernorCompatibilityBravo (since v4.3.0). Root cause: l...

5.3 CVSS · 5.2 AI score · 0.00323 EPSS
Exploits: 0 · References: 2 · Affected Software: 2
RedHat Linux
added 2023/06/07 7:46 a.m. · 28 views

Important: Red Hat Security Advisory: python-flask security update

An update for python-flask is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.5 CVSS · 7.2 AI score · 0.00215 EPSS
Exploits: 1 · References: 2
OSV
added 2023/06/05 8:2 p.m. · 14 views

CVE-2023-34097 Database password exposed in logs in hoppscotch

hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are...

7.8 CVSS · 8.5 AI score · 0.00298 EPSS
Exploits: 1 · References: 4
OpenVAS
added 2023/06/02 12:0 a.m. · 21 views

SUSE: Security Advisory (SUSE-SU-2023:2345-1)

The remote host is missing an update for the ...

5.5 CVSS · 6 AI score · 0.00084 EPSS
Exploits: 1 · References: 4
OpenVAS
added 2023/06/02 12:0 a.m. · 9 views

SUSE: Security Advisory (SUSE-SU-2023:2346-1)

The remote host is missing an update for the ...

7.5 CVSS · 6.8 AI score · 0.00148 EPSS
Exploits: 1 · References: 4
Malwarebytes
added 2023/05/31 11:45 p.m. · 24 views

Financial services company OneMain fined $4.25 million for security lapses

A series of security errors and mishaps has cost personal loan provider OneMain $4.25m in penalties, issued by the New York State department of financial services. The fines, coming at the end of a detailed investigation into how security practices at the company were determined to be below-par,...

6.6 AI score
Exploits: 0
OpenVAS
added 2023/05/31 12:0 a.m. · 7 views

SUSE: Security Advisory (SUSE-SU-2023:2328-1)

The remote host is missing an update for the ...

6.5 CVSS · 7 AI score · 0.91012 EPSS
Exploits: 0 · References: 4
OpenVAS
added 2023/05/31 12:0 a.m. · 21 views

SUSE: Security Advisory (SUSE-SU-2023:2321-1)

The remote host is missing an update for the ...

6.8 CVSS · 6.9 AI score · 0.00026 EPSS
Exploits: 10 · References: 13
CNVD
added 2023/05/30 12:0 a.m. · 33 views

Wireshark infinite loop vulnerability (CNVD-2023-62291)

Wireshark is a popular and influential open source protocol analyzer, often used in network troubleshooting, protocol development and teaching, etc., which supports a variety of protocols and data formats. Wireshark has a security vulnerability that can be exploited by an attacker to conduct ...

7.5 CVSS · 6.7 AI score · 0.00131 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2023/05/30 12:0 a.m. · 3 views

PT-2023-24203 · Unknown · Zulip Server

Name of the Vulnerable Software and Affected Versions: Zulip Server versions 7.0-beta1 through 7.0-beta2 and the main development branch from May 2, 2023 and later Description: The issue is related to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send...

8.2 CVSS · 6 AI score · 0.00888 EPSS
Exploits: 0 · References: 8
CVE
added 2023/05/29 8:0 p.m. · 46 views

CVE-2023-32072

CVE-2023-32072 affects Tuleap: Community Edition < 14.8.99.60; Enterprise Edition < 14.8-3 and

4.8 CVSS · 5.2 AI score · 0.00608 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
Fedora
added 2023/05/26 1:52 a.m. · 33 views

[SECURITY] Fedora 38 Update: python-fastapi-0.95.2-1.fc38

FastAPI is a modern, fast high-performance, web framework for building APIs with Python 3.7+ based on standard Python type hints. The key features are: Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python...

7.4 AI score
Exploits: 0
NVD
added 2023/05/25 11:15 p.m. · 8 views

CVE-2023-2903

A vulnerability classified as problematic has been found in NFine Rapid Development Platform 20230511. This affects an unknown part of the file /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20. The manipulation leads to improper access controls. It is possible to initiate the attack remotel...

6.5 CVSS · 5.1 AI score · 0.00099 EPSS
Exploits: 1 · References: 3
Prion
added 2023/05/25 11:15 p.m. · 19 views

Improper access control

A vulnerability classified as problematic has been found in NFine Rapid Development Platform 20230511. This affects an unknown part of the file /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20. The manipulation leads to improper access controls. It is possible to initiate the attack remotel...

4 CVSS · 6.5 AI score · 0.00099 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2023/05/25 10:31 p.m. · 14 views

CVE-2023-2903 NFine Rapid Development Platform access control

A vulnerability classified as problematic has been found in NFine Rapid Development Platform 20230511. This affects an unknown part of the file /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20. The manipulation leads to improper access controls. It is possible to initiate the attack remotel...

4.3 CVSS · 6.7 AI score · 0.00099 EPSS
Exploits: 1 · References: 3
CVE
added 2023/05/25 10:31 p.m. · 51 views

CVE-2023-2903

CVE-2023-2903 affects NFine Rapid Development Platform 20230511. The issue is an improper access control in the /SystemManage/Role/GetGridJson endpoint (keyword=&page=1&rows=20), enabling remote initiation. Multiple sources confirm the vulnerability details and public disclosure (VDB-229977). Imp...

6.5 CVSS · 5.4 AI score · 0.00099 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
NVD
added 2023/05/25 10:15 p.m. · 31 views

CVE-2023-2902

A vulnerability was found in NFine Rapid Development Platform 20230511. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /SystemManage/Organize/GetTreeGridJson?search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc. The manipulation leads ...

6.5 CVSS · 5 AI score · 0.00256 EPSS
Exploits: 1 · References: 3