CVE-2023-6131
Summary: CVE-2023-6131 is a code injection vulnerability in SuiteCRM (SalesAgility) affecting versions prior to 7.14.2, 7.12.14, and 8.4.2. Affected software: SuiteCRM (SalesAgility). Root cause / vulnerability type: Code injection in the GitHub repository path for SuiteCRM. Impact (as stated): N...
CVE-2023-6130 Path Traversal: '\..\filename' in salesagility/suitecrm
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2...
CVE-2023-6130
CVE-2023-6130 is a path traversal vulnerability in SuiteCRM. The issue arises from inadequate filtering of path components ('..\filename') in the GitHub repository, allowing potentially arbitrary file retrieval from the underlying filesystem. Affected versions are SuiteCRM prior to 7.14.2, 7.12.1...
CVE-2023-6128
Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2...
CVE-2023-6125
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2...
CVE-2023-6126
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2...
Cross site scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2...
CVE-2023-6128 Cross-site Scripting (XSS) - Reflected in salesagility/suitecrm
Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2...
CVE-2023-6127 Unrestricted Upload of File with Dangerous Type in salesagility/suitecrm
Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2...
CVE-2023-6126 Code Injection in salesagility/suitecrm
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2...
CVE-2023-6126
CVE-2023-6126 refers to a Code Injection in the GitHub repository salesagility/suitecrm for versions prior to 7.14.2, 7.12.14, and 8.4.2. The connected records consistently describe a code injection vulnerability affecting SuiteCRM; some sources also discuss HTML injection in SuiteCRM, but the CV...
CVE-2023-6125 Code Injection in salesagility/suitecrm
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2...
Server side request forgery (ssrf)
Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14...
CVE-2023-48094
A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /containerfiles/publichtml/doc/index.html. NOTE: the vendor's position is that Apps/Sandcastle/standalone.html is part of...
CVE-2023-6069
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0...
Input validation
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0...
CVE-2023-6069 Improper Link Resolution Before File Access in froxlor/froxlor
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0...
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2023-3233)
The remote host is missing an update for the Huawei EulerOS...
CVE-2023-5998 Out-of-bounds Read in gpac/gpac
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV...