
9454 matches found

Tenable Nessus
added 2023/03/20 12:0 a.m. | 46 views

Oracle Linux 8 : firefox (ELSA-2023-1336)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-1336 advisory. 102.9.0-3.0.1 - Updated homepages to use https Orabug: 34648274 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the...

8.8 CVSS | 7.8 AI score | 0.00156 EPSS
Exploits 0 | References 6
NVD
added 2023/03/17 7:15 a.m. | 14 views

CVE-2023-1448

A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gfm2tsprocesssdt of the file mediatools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been...

7.8 CVSS | 6.5 AI score | 0.00171 EPSS
Exploits 1 | References 4
Tenable Nessus
added 2023/03/17 12:0 a.m. | 29 views

Debian DSA-5375-1 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5375 advisory. - Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially...

8.8 CVSS | 8.2 AI score | 0.00156 EPSS
Exploits 0 | References 13
Tenable Nessus
added 2023/03/17 12:0 a.m. | 21 views

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2023:0763-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0763-1 advisory. - By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user...

8.8 CVSS | 7.7 AI score | 0.00279 EPSS
Exploits 0 | References 28
CNVD
added 2023/03/16 12:0 a.m. | 32 views

Siemens Tecnomatix Plant Simulation Out-of-Bounds Write Vulnerability (CNVD-2023-18930)

Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. It uses discrete event simulation for production volume analysis and optimization, thereby improving manufacturing system performance. A security vulnerability exists in Siemens Tecnomatix...

7.8 CVSS | 7.7 AI score | 0.00128 EPSS
Exploits 0 | References 1
RedhatCVE
added 2023/03/15 4:43 a.m. | 27 views

CVE-2023-28162

The Mozilla Foundation Security Advisory describes this flaw as: While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash...

6.5 CVSS | 8.5 AI score | 0.00131 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2023/03/15 12:0 a.m. | 38 views

SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2023:0728-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0728-1 advisory. - By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user...

8.8 CVSS | 7.7 AI score | 0.00279 EPSS
Exploits 0 | References 28
Tenable Nessus
added 2023/03/15 12:0 a.m. | 30 views

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5954-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5954-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...

8.8 CVSS | 7.8 AI score | 0.00279 EPSS
Exploits 0 | References 10
WPVulnDB
added 2023/03/15 12:0 a.m. | 18 views

Plugin for Google Reviews < 2.2.4 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the placeid parameter before using it in a SQL statement via the grwoverviewajax AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber...

9.1 CVSS | 9.1 AI score | 0.00371 EPSS
Exploits 0 | Affected Software 1
Mozilla
added 2023/03/14 12:0 a.m. | 339 views

Security Vulnerabilities fixed in Firefox 111 — Mozilla

The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected. By displaying a prompt with a long description, the...

6.5 CVSS | 1.4 AI score | 0.00279 EPSS
Exploits 0 | References 13 | Affected Software 1
OSV
added 2023/03/10 9:30 p.m. | 22 views

GHSA-PQG3-XFX2-FMQP Cross site scripting vulnerability in update-center2

Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting...

6.1 CVSS | 8.6 AI score | 0.04413 EPSS
Exploits 0 | References 2
Github Security Blog
added 2023/03/10 9:30 p.m. | 23 views

Cross site scripting vulnerability in update-center2

Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting...

9.6 CVSS | 5.1 AI score | 0.04413 EPSS
Exploits 0 | References 3 | Affected Software 1
NVD
added 2023/03/10 9:15 p.m. | 19 views

CVE-2023-27905

Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting...

9.6 CVSS | 8.6 AI score | 0.04413 EPSS
Exploits 0 | References 1
NVD
added 2023/03/10 9:15 p.m. | 8 views

CVE-2022-37939

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and...

5.5 CVSS | 4.2 AI score | 0.00053 EPSS
Exploits 0 | References 1
Positive Technologies
added 2023/03/10 12:0 a.m. | 4 views

PT-2023-16903 · WordPress · Rapidload Power-Up For Autoptimize

Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize plugin for WordPress versions up to, and including, 1.7.1 Description: The issue is related to unauthorized cache modification due to a missing capability check on the queue posts function. This allows...

4.3 CVSS | 5.2 AI score | 0.00175 EPSS
Exploits 0 | References 7
Positive Technologies
added 2023/03/09 12:0 a.m. | 4 views

PT-2023-16872 · Sourcecodester · Sourcecodester Covid 19 Testing Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester COVID 19 Testing Management System version 1.0 Description: A critical issue was found in the COVID 19 Testing Management System, affecting an unknown functionality of the patient-report.php file, specifically in the POST...

9.8 CVSS | 8 AI score | 0.00291 EPSS
Exploits 1 | References 4
OpenVAS
added 2023/03/08 12:0 a.m. | 24 views

Debian: Security Advisory (DSA-1970-1)

The remote host is missing an update for the Debian...

5 CVSS | 7.6 AI score | 0.20241 EPSS
Exploits 1 | References 3
Vulnrichment
added 2023/03/07 12:0 a.m. | 5 views

CVE-2023-20632

In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628506; Issue ID: ALPS07628506...

7.4 AI score | 0.00016 EPSS
Exploits 0 | References 1
Prion
added 2023/03/06 4:15 p.m. | 15 views

Cross site scripting

A vulnerability was found in ehuacui bbs. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This...

4 CVSS | 5.3 AI score | 0.0025 EPSS
Exploits 1 | References 3
ICS
added 2023/02/27 8:46 p.m. | 63 views

Mitsubishi Electric MELSOFT iQ AppPortal

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSOFT iQ AppPortal Vulnerabilities: HTTP Request Smuggling, Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of these...

9.8 CVSS | 10 AI score | 0.32376 EPSS
Exploits 2 | References 4