ownCloud Information Disclosure Vulnerability (Nov 2023) - Active Check
ownCloud is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:owncloud:owncloud";...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Owncloud Graph_Api
CVE-2023-49103 PoC for the CVE-2023-49103 Overview This Py...
PT-2023-9162 · Zabbix +4 · Zabbix +4
Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified). Description: The issue is caused by improper validation of the form input field Name on the Graph page in the Items section. This can lead to a cross-site scripting (XSS) attack, allowing a remote attacker...
CVE-2023-49103
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information...
PT-2023-30531 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 8.4.2. Description: The issue affects SuiteCRM, a Customer Relationship Management (CRM) software application, where GraphQL Introspection is enabled without authentication. This exposes the scheme defining all object...
PT-2023-30763 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 23.11.0. Description: The issue allows a low-privilege user to enumerate devices on LibreNMS with their id or hostname by accessing a request sent to graph.php when they access their device dashboard. This enables th...
kernel: device property: fix of node refcount leak in fwnode_graph_get_next_endpoint()
In the Linux kernel, the following vulnerability has been resolved: device property: fix of node refcount leak in fwnode_graph_get_next_endpoint(). The 'parent' returned by fwnode_graph_get_port_parent() with refcount incremented when 'prev' is not NULL, it needs be put when finish using it. Because the paren...
GHSA-HM9R-7F84-25C9 Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to...
DRUPAL-CONTRIB-2023-050
This module lets you craft and expose a GraphQL schema for Drupal 9 and 10. The module currently does not adequately verify whether a given user has the necessary permissions to access an entity's label creating an access bypass vulnerability. This vulnerability is mitigated by the fact that enti...
Moderate: grafana security and enhancement update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: persistent xss in grafana core plugins (CVE-2022-23552); grafana: plugin signature bypass (CVE-2022-31123); grafana: data source and plugin proxy endpoints leaking...
[SECURITY] Fedora 39 Update: cacti-1.2.25-1.fc39
Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven...
OSV-2023-1071 Heap-use-after-free in igraph_pajek_yyparse
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63609 Crash type: Heap-use-after-free READ 11. Crash state: igraph_pajek_yyparse, igraph_read_graph_pajek, readpajek.cpp...
CVE-2023-46191
Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar Open Graph Metabox plugin <= 1.4.4 versions...
WordPress Plugin Open Graph Metabox Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2023-46191 WordPress Open Graph Metabox Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar Open Graph Metabox plugin <= 1.4.4 versions...
CVE-2023-46191
The CVE-2023-46191 entry concerns a CSRF vulnerability in the Open Graph Metabox WordPress plugin, affecting versions
PT-2023-29892 · Niels Van Renselaar · Open Graph Metabox Plugin
Name of the Vulnerable Software and Affected Versions: Niels van Renselaar Open Graph Metabox plugin versions <= 1.4.4. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...