7486 matches found
CVE-2023-29204 URL Redirection to Untrusted Site ('Open Redirect') in org.xwiki.platform:xwiki-platform-oldcore
XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as //mydomain.com i.e. omitting the http:. It was also possible to bypass it when using URL...
CVE-2023-29201 org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped and -tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like . ...
CVE-2023-28222
Windows Kernel Elevation of Privilege Vulnerability...
PT-2023-2465 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The issue is related to an elevation-of-privilege vulnerability in the Windows CNG Key Isolation Service. This vulnerability is caused by synchronization errors when using a share...
CVE-2023-29376
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries...
CVE-2023-29376
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries...
Code injection
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries...
CVE-2023-29376
Product affected: Progress Sitefinity (versions 13.3.x up to 13.3.7646; 14.0 up to 14.0.7735; 14.1 up to 14.1.7825; 14.2 up to 14.2.7929; 14.3 up to 14.3.8024).** Vulnerability: Cross-site scripting (XSS) by privileged users targeting media libraries.** CVE: CVE-2023-29376.** Root cause / impact ...
CVE-2023-29376
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries...
CVE-2023-29376
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries...
Fedora: Security Advisory for rubygem-activesupport (FEDORA-2023-7002afbbb8)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ai.ylyue:yue-library-data-es (=j11.2.6.2), ai.ylyue:yue-library-data-mybatis (=j11.2.6.2) +3155 more potentially affected by CVE-2023-25330 via com.baomidou:mybatis-plus (>=1.2.11 <=3.5.3)
com.baomidou:mybatis-plus MAVEN version =1.2.11, =0.3.0, =0.4.0, =1.0.0, =1.0.0, =3.0.5, =1.7.2, =1.7.2, =1.0.4.R, =1.0.4.R, =1.0.4.R, =1.0.6.R - cc.vihackerframework:vihacker-sharding-starter =1.0.6.R and more Source cves: CVE-2023-25330 Source advisory: OSV:GHSA-32QQ-M9FH-F74W...
CVE-2022-48225
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute with elevated privileges multiple non-existent DLLs...
CVE-2022-36969
This vulnerability allows remote attackers to disclose sensitive information on affected installations of AVEVA Edge 2020 SP2 Patch 04201.2111.1802.0000. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...
Advisory ROSA-SA-2023-2136
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21365 BDU-ID: 2022-02011 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the ImageIO component of the Oracle Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine i...
RLSA-2023:1368 Important: nss security and bug fix update
Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: Arbitrary memory write via PKCS 12 CVE-2023-0767 Bug Fixes: In FIPS mode, nss should reject RSASSA-PSS salt lengths large...
XSS to RCE found in Trilium
Vulnerability Type Remote Code Execution RCE Authentication Required? No Affected Location - Search Notes Search Ancestor Output - Jump to Note Search Note Output - New Tab Search Notes Output Issue Summary The application contains a vulnerability where HTML characters within the title name of...
Important: Red Hat Security Advisory: nss security update
An update for nss is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
Important: Red Hat Security Advisory: nss security update
An update for nss is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impa...
Important: Red Hat Security Advisory: nss security update
An update for nss is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...