195 matches found
RuoYi 安全漏洞
RuoYi is a backend management system for individual developers in China RuoYi RuoYi. A security vulnerability exists in RuoYi v4.7.9 and prior versions, which stems from a vulnerability that allows comments in the code generation function to escape, thereby injecting malicious code...
CVE-2024-46076
RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code...
CVE-2024-32762
CVE-2024-32762 affects QuLog Center. A cross-site scripting (XSS) vulnerability could allow network-based code injection via a user’s browser when interacting with the affected web interface. Affected versions include QuLog Center 1.7.0.827 and 1.8.0.872 and later; however, fixed releases are 1.7...
CVE-2023-50366 QTS, QuTS hero
A cross-site scripting XSS vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS...
Man-in-the-middle(MitM) Attack
Gentoo Portage is vulnerable to a Man-in-the-Middle MitM attack. The vulnerability exists due to the failure of emerge-webrsync to perform PGP signature verification on downloaded .gpgsig files, allowing an attacker to inject malicious code during the file download process...
CVE-2024-25582
Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform malicious API requests or extract information from the users account. Exploiting this vulnerability requires temporary access to an account or successful social...
Apache Syncope Input Validation Error Vulnerability
Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope suffers from an input validation error vulnerability that c...
CentOS 8 : libssh (CESA-2024:3233)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3233 advisory. - A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue...
Low: libssh security update
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname CVE-2023-6004 libssh: Missing checks for return values for digests...
Low: Red Hat Security Advisory: libssh security update
An update for libssh is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2024-28190 Contao core bundle vulnerable to cross site scripting in the file manager
Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files back end and front end, which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 an...
QNAP QuTScloud XSS Vulnerability (QSA-24-11)
QNAP QuTScloud is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2023-32969
A cross-site scripting XSS vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651...
CVE-2024-21901 myQNAPcloud
A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 2023/11/24 and later QTS...
Tenda W9 out-of-bounds write vulnerability (CNVD-2024-14312)
Tenda W9 is a wireless in-wall access point from Tenda, China. An out-of-bounds write vulnerability exists in Tenda W9 version 1.0.0.7, which is caused by a stack-based buffer overflow in the index parameter of the formWifiMacFilterGet function. An attacker can exploit this vulnerability to injec...
CVE-2023-50379
Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host...
Code injection
Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host...
CVE-2023-50379
CVE-2023-50379 affects Apache Ambari prior to 2.7.8, enabling an authenticated attacker to inject malicious code by manipulating a request and achieve root access on the cluster’s main host. The vulnerability stems from a code-injection flaw in Ambari’s request handling, with impact described as ...
PT-2024-17603 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9 through 9.2.4 Description: The issue is related to insufficient validation of administrator-provided data in the Image URL Import Feature, allowing a rogue administrator to inject malicious code when importing images...
CVE-2023-47561 Photo Station
A cross-site scripting XSS vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 2023/12/15 and later...