Input validation
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language Labels Export action...
CVE-2023-48841
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language Labels Export action...
CVE-2023-48841
CVE-2023-48841 affects PHPJabbers Appointment Scheduler 3.0. The vulnerability is a CSV injection in the Language > Labels > Export action, caused by insufficient input validation on the Unique ID field used to construct the CSV file. Impact is described as high (C:H/I:H/A:H) per CVSS data,...
CVE-2023-48835
Car Rental Script v3.0 is vulnerable to CSV Injection via a Language Labels Export action...
Car Rental Script Security Vulnerability
Car Rental Script is an open source vehicle rental script from GZ Script. A security vulnerability exists in Car Rental v3.0, which originates from a CSV injection vulnerability in the Language Labels Export operation...
PT-2023-30984 · Unknown · Appointment Scheduler
Name of the Vulnerable Software and Affected Versions: Appointment Scheduler version 3.0. Description: The issue concerns a CSV Injection vulnerability via the Language Labels Export action. This allows for potential code execution. Recommendations: For Appointment Scheduler version 3.0, update to...
Appointment Scheduler Security Vulnerability
PHPJabbers Appointment Scheduler is a PHP-based appointment scheduler plugin for planning time and booking meeting schedules from PHPJabbers Serbia. A security vulnerability exists in Appointment Scheduler version 3.0, which stems from a CSV injection vulnerability in the Language Labels Export...
PT-2023-30978 · Unknown · Car Rental Script
Name of the Vulnerable Software and Affected Versions: Car Rental Script version 3.0. Description: The issue concerns a CSV Injection vulnerability. It can be exploited via the Language Labels Export action. Recommendations: For Car Rental Script version 3.0, consider disabling the Export action i...
CVE-2023-48835
CVE-2023-48835 affects Car Rental Script v3.0; the vulnerability is a CSV Injection in the Language > Labels > Export action due to insufficient input validation on the Unique ID field in Reservations. Impact is high (C:H, I:H, A:H) with CVSS 3.1 base score 8.8. In-the-wild/exploit details ...
Virtuozzo Hybrid Infrastructure 6.0 (6.0.0-243)
In this release, Virtuozzo Hybrid Infrastructure provides an upgrade of the Linux distribution, kernel, and toolset packages. This release also contains a range of new features that cover storage performance, object storage, as well as monitoring and alerts. Additionally, this release delivers...
AZL-34620 CVE-2023-47108 affecting package containerd for versions less than 1.7.13-3
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
AZL-35440 CVE-2023-47108 affecting package docker-compose for versions less than 2.27.0-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
AZL-34891 CVE-2023-47108 affecting package kube-vip-cloud-provider for versions less than 0.0.10-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
UBUNTU-CVE-2023-47108
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
CVE-2023-47108 DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator
A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs...
Openshift: modification of node role labels
...
CVE-2023-5408
A privilege escalation flaw was found in the node restriction admission plugin of the Kubernetes API server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the clust...
CVE-2023-5408 OpenShift: modification of node role labels
A privilege escalation flaw was found in the node restriction admission plugin of the Kubernetes API server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the clust...