CVE-2023-3229 Business Logic Errors in fossbilling/fossbilling
Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0...
CVE-2023-3229
The vulnerability CVE-2023-3229 affects fossbilling/fossbilling prior to 0.5.0. Concrete details from connected sources show a business-logic flaw that allows continuing to place orders for a product after it has been disabled, via API requests. Root cause: logic that does not correctly enforce p...
CVE-2023-3228 Business Logic Errors in fossbilling/fossbilling
Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0...
CVE-2023-3224
Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3...
Code injection
Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3...
SUSE CVE-2023-3172
Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20...
CVE-2023-3218
OpenITCOCKPIT is affected by CVE-2023-3218 due to a race condition within a thread in the application’s code path prior to version 4.6.5. The vulnerability stems from concurrent thread execution that can lead to inconsistent state or logic errors during operations in the affected release lineage....
Amazon Linux 2 : vim (ALAS-2023-2085)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2085 advisory. NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. CVE-2023-2609 Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. CVE-2023-2610 Tenable has...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : Vim vulnerabilities (USN-6154-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6154-1 advisory. It was discovered that Vim was using uninitialized memory when fuzzy matching, which could lead to invalid...
CVE-2023-3192
CVE-2023-3192 affects froxlor/froxlor versions prior to 2.1.0. The root cause is failure to regenerate session IDs, which may enable session fixation. Documents consistently describe this issue and its impact as an authorization/session management risk. The primary remediation is to upgrade to v...
CVE-2023-3192 Session Fixation in froxlor/froxlor
Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0...
CVE-2023-3191
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
Server side request forgery (ssrf)
Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0...
CVE-2023-3190 Improper Encoding or Escaping of Output in nilsteampassnet/teampass
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
CVE-2023-3191 Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
CVE-2023-3188 Server-Side Request Forgery (SSRF) in owncast/owncast
Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0...
Froxlor vulnerable to Path Traversal
Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20...
Input validation
Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20...
CVE-2023-3172
CVE-2023-3172 exposes a path traversal vulnerability in froxlor/froxlor prior to 2.0.20. The issue allows accessing files/directories outside the web root, with impact on confidentiality, integrity, and availability as described. Affected software: Froxlor versions before 2.0.20; root cause: path...