6 matches found
EUVD-2023-2300
Malicious code in bioql PyPI...
CVE-2023-0871
XXE injection in /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used, for instance, to force Horizon to make arbitrary HTTP requests to internal and external services. The solution...
CVE-2023-40313 Disable BeanShell Interpreter Remote Server Mode
A BeanShell interpreter in remote server mode runs in OpenNMS Horizon versions earlier than 32.0.2 and in related Meridian versions, which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer...
PT-2023-27378 · Opennms · Opennms Horizon +1
Name of the Vulnerable Software and Affected Versions: OpenNMS Horizon versions 31.0.8 through 32.0.2; Meridian versions prior to 2023.1.5. Description: The issue allows any user with the ROLE_FILESYSTEM_EDITOR to easily escalate their privileges to ROLE_ADMIN or any other role. The affected softwa...
Opennms Group OpenNMS Cross-Site Request Forgery Vulnerability
Opennms Group OpenNMS is an open source, enterprise-grade network monitoring and network management platform from the US-based Opennms Group, Inc. A cross-site request forgery vulnerability exists in OpenNMS Meridian and Horizon, which can be exploited by an attacker to access confidential informati...
PT-2023-8929 · Opennms · Opennms Horizon +1
Name of the Vulnerable Software and Affected Versions: OpenNMS Meridian versions prior to 2023.1.0; OpenNMS Horizon versions prior to 31.0.4. Description: The issue is related to unauthenticated, stored cross-site scripting in the display of alarm reduction keys, which could allow an attacker to...