Lucene search

9454 matches found

CNVD
added 2023/07/12 12:00 a.m. | 19 views

Apache Camel Information Disclosure Vulnerability

Apache Camel is an open source integration framework from the Apache Foundation (United States), based on Enterprise Integration Patterns (EIP). The framework provides a Java object (POJO) implementation of the Enterprise Integration Patterns, and throug...

CVSS 3.3 | AI score 6 | EPSS 0.00046
Exploits 0 | References 1

Mozilla
added 2023/07/11 12:00 a.m. | 90 views

Security Vulnerabilities fixed in Firefox 115.0.2 and Firefox ESR 115.0.2 — Mozilla

During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash...

CVSS 8.8 | AI score 8.5 | EPSS 0.0019
Exploits 0 | References 1 | Affected Software 2

ICS
added 2023/07/11 12:00 a.m. | 72 views

Siemens RUGGEDCOM ROX

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely / low attack complexity Vendor: Siemens Equipment: RUGGEDCOM ROX Vulnerabilities: Cleartext Transmission of Sensitive Information, Command Injection, Improper Authentication, Classic Buffer Overflow, Uncontrolled Resource...

CVSS 10 | AI score 10 | EPSS 0.38894
Exploits 9 | References 12

Prion
added 2023/07/10 4:15 p.m. | 22 views

Code injection

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features...

CVSS 7.5 | AI score 9.4 | EPSS 0.30393
Exploits 2 | References 1 | Affected Software 1

UbuntuCve
added 2023/07/05 10:15 a.m. | 26 views

CVE-2023-37209

A use-after-free condition existed in NotifyOnHistoryReload where a LoadingSessionHistoryEntry object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox 115...

CVSS 8.8 | AI score 7.2 | EPSS 0.00248
Exploits 0 | References 5

Prion
added 2023/07/05 10:15 a.m. | 19 views

Design/Logic Flaw

A use-after-free condition existed in NotifyOnHistoryReload where a LoadingSessionHistoryEntry object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox 115...

CVSS 6.8 | AI score 8.2 | EPSS 0.00248
Exploits 0 | References 3 | Affected Software 1

Debian CVE
added 2023/07/05 9:05 a.m. | 25 views

CVE-2023-37209

A use-after-free condition existed in NotifyOnHistoryReload where a LoadingSessionHistoryEntry object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox 115...

CVSS 8.8 | AI score 9.6 | EPSS 0.00248
Exploits 0

OpenVAS
added 2023/06/29 12:00 a.m. | 3 views

Mageia: Security Advisory (MGASA-2023-0212)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 | References 4

ICS
added 2023/06/23 6:00 a.m. | 26 views

SpiderControl SCADAWebServer

1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: SpiderControl Equipment: SCADAWebServer Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition 3. TECHNICAL DETAILS...

CVSS 6.5 | AI score 6.7 | EPSS 0.00074
Exploits 0 | References 10

UbuntuCve
added 2023/06/19 10:15 a.m. | 26 views

CVE-2023-29531

An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected. This vulnerability affects Firefox 112, Firefox ESR...

CVSS 9.8 | AI score 7.2 | EPSS 0.00569
Exploits 0 | References 4

Prion
added 2023/06/19 10:15 a.m. | 13 views

Design/Logic Flaw

An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected. This vulnerability affects Firefox 112, Firefox ESR...

CVSS 7.5 | AI score 9 | EPSS 0.00569
Exploits 0 | References 4 | Affected Software 3

AlpineLinux
added 2023/06/19 9:48 a.m. | 20 views

CVE-2023-29531

An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected. This vulnerability affects Firefox 112, Firefox ESR...

CVSS 9.8 | AI score 9.2 | EPSS 0.00569
Exploits 0

Debian CVE
added 2023/06/19 9:48 a.m. | 36 views

CVE-2023-29531

An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected. This vulnerability affects Firefox 112, Firefox ESR...

CVSS 9.8 | AI score 9 | EPSS 0.00569
Exploits 0

Huntr
added 2023/06/17 5:39 p.m. | 11 views

Able to edit users owned by other administration users

Description: Exploiting a vulnerability 'Take ownership' of any user, thereby being able to edit all users. Proof of Concept: Step 1: We have user1 owned by admin1. Step 2: By doing the 'Take ownership' action, the user1 is now owned by admin2. Step 3: Now, admin2 is able to edit user1, and ev...

AI score 6.9
Exploits 0

Github Security Blog
added 2023/06/14 3:30 p.m. | 29 views

Jenkins Sonargraph Integration Plugin vulnerable to Stored Cross-site Scripting

Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not correctly escape the file path and the project name for the Log file field form validation. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 | AI score 5.7 | EPSS 0.00447
Exploits 0 | References 4 | Affected Software 1

OSV
added 2023/06/14 3:30 p.m. | 13 views

GHSA-9PVW-8Q92-HM9W Stored XSS vulnerability in Jenkins Maven Repository Server Plugin

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in pom.xml...

CVSS 5.4 | AI score 5.4 | EPSS 0.07556
Exploits 0 | References 3

ICS
added 2023/06/13 6:00 a.m. | 21 views

Rockwell Automation FactoryTalk Transaction Manager

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Transaction Manager Vulnerability: Uncontrolled Resource Consumption. 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the...

CVSS 7.5 | AI score 7.8 | EPSS 0.00175
Exploits 0 | References 8

Tenable Nessus
added 2023/06/08 12:00 a.m. | 24 views

Amazon Linux 2023 : libwebp, libwebp-devel, libwebp-java (ALAS2023-2023-185)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-185 advisory. A double-free in libwebp could have led to memory corruption and a potentially exploitable crash. CVE-2023-1999 Tenable has extracted the preceding description block directly from the tested product...

CVSS 7.5 | AI score 7.3 | EPSS 0.00353
Exploits 0 | References 4

CNNVD
added 2023/06/06 12:00 a.m. | 3 views

MediaTek Chip Security Vulnerability

MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the vcu module of the MediaTek chips, which is caused by improper locking and may be exploited after release...

CVSS 6.7 | AI score 6.5 | EPSS 0.00014
Exploits 0 | References 2

Veracode
added 2023/06/04 7:09 p.m. | 24 views

Double-Free

libwebp is vulnerable to Double Free. The vulnerability could cause memory corruption and potentially create an exploitable crash...

CVSS 7.5 | AI score 7 | EPSS 0.00353
Exploits 0 | References 7 | Affected Software 4