Exploit for PHP External Variable Modification in Juniper Junos

CVE-2023-36844 , CVE-2023-36845 , CVE-2023-36846 , CVE-2023-36...

Unsanitized user controlled input in module generation

Impact The import-in-the-middle loader used by @opentelemetry/instrumentation works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. It allows for remote code execution in cases where an application passes...

Cross Site Scripting (XSS)

typo3 is vulnerable to Stored XSS. The vulnerability is due to GeneralUtility::getIndpEnv function which uses unfiltered server environment variable PATHINFO and TypoScript setting config.absRefPrefix=auto. This can lead to an attacker injecting malicious content or malicious HTML code in...

EulerOS Virtualization 3.0.6.6 : libXpm (EulerOS-SA-2023-2430)

According to the versions of the libXpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called...

GHSA-6HVV-J432-23CV Weave GitOps Terraform Controller Information Disclosure Vulnerability

Impact A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This vulnerability stems from Weave GitOps Terraform Runners tf-runner, where sensitive data is inadvertently printed - potentially...

CVE-2023-34236 Information Disclosure Vulnerability in Weave GitOps Terraform Controller

Weave GitOps Terraform Controller aka Weave TF-controller is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This...

CVE-2023-34236 Information Disclosure Vulnerability in Weave GitOps Terraform Controller

Weave GitOps Terraform Controller aka Weave TF-controller is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This...

CVE-2023-30585

A vulnerability has been identified in the Node.js .msi version installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" process, running under the NT AUTHORITY\SYSTEM...

CVE-2023-32439

A vulnerability was found in webkitgtk. This issue occurs when processing maliciously crafted web content, which may lead to arbitrary code execution. Mitigation This vulnerability can be mitigated by setting the environment variable JSCuseDFGJIT=0, which will disable the data flow graph JIT tier...

CVE-2023-35931 Shescape potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1...

PT-2023-4512 · Node.Js +2 · Node.Js +2

Name of the Vulnerable Software and Affected Versions: Node.js versions affected versions not specified Description: A vulnerability has been identified in the Node.js installation process, specifically affecting Windows users who install Node.js using the .msi installer. This issue arises during...

CVE-2023-29545

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are...

Code injection

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are...

CVE-2023-29545

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are...

CVE-2023-29545

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are...

CVE-2023-29545

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are...

CVE-2023-29545

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are...

CVE-2023-29545

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are...

EulerOS Virtualization 3.0.6.0 : libXpm (EulerOS-SA-2023-2253)

According to the versions of the libXpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called...

EulerOS 2.0 SP5 : libXpm (EulerOS-SA-2023-2158)

According to the versions of the libXpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and...