1464 matches found

OSV
added 2024/01/12 1:15 p.m. · 17 views

CVE-2023-51790

Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component...

CVSS 6.1 · AI score 6.1
Exploits 0 · References 2

Positive Technologies
added 2024/01/12 12:0 a.m. · 4 views

PT-2024-14293 · Piwigo · Piwigo

Name of the Vulnerable Software and Affected Versions: piwigo version 14.0.0 Description: A Cross Site Scripting issue allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component. Recommendations: For piwigo version 14.0.0, consider...

CVSS 6.1 · AI score 6 · EPSS 0.0033
Exploits 1 · References 8

Cvelist
added 2024/01/12 12:0 a.m. · 17 views

CVE-2023-51790

Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component...

AI score 6.1 · EPSS 0.0033
Exploits 1 · References 2

Vulnrichment
added 2024/01/12 12:0 a.m. · 3 views

CVE-2023-51790

Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component...

AI score 6.3 · EPSS 0.0033
Exploits 1 · References 2

CNNVD
added 2024/01/05 12:0 a.m. · 3 views

IrfanView Security Vulnerability

IrfanView is an image viewer by the individual developer Irfan Skiljan in Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion and more. A security vulnerability exists in IrfanView PlugIns B3D prior to version 4.56, which stems from a heap-based...

CVSS 9.8 · AI score 7 · EPSS 0.00098
Exploits 0 · References 2

Tenable Nessus
added 2023/12/27 12:0 a.m. · 88 views

Oracle TimesTen 18.x < 18.1.4.39.0, 22.x < 22.1.1.18.0 Multiple Vulnerabilities (October 2023 CPU)

The version of Oracle TimesTen installed on the remote host is 18.x prior to 18.1.4.39.0 or 22.x prior to 22.1.1.18.0. It is, therefore, affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory: - Security-in-Depth issue in the TimesTen In-Memory Database product of...

CVSS 9.8 · AI score 6.8 · EPSS 0.00736
Exploits 1 · References 7

IBM Security Bulletins
added 2023/12/21 4:58 p.m. · 17 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - April 2023 - Includes Oracle October 2023 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities a...

AI score 6.7
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/12/04 11:54 a.m. · 31 views

Security Bulletin: IBM Cinder plug-in is affected by a vulnerability in the Python requests-2.28.2-py3-none-any.whl [CVE-2023-32681]

Summary: The Python requests package, which allows users to send HTTP requests using Python, is used by the IBM Cinder plug-in. The requests package is impacted by vulnerability CVE-2023-32681. Vulnerability Details: CVEID: CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain...

CVSS 6.1 · AI score 6.4 · EPSS 0.05933
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2023/12/04 10:40 a.m. · 24 views

Security Bulletin: IBM Cinder plug-in is affected by a vulnerability in the Python Pygments-2.14.0 package [CVE-2022-40896]

Summary: The Python Pygments package, a syntax highlighting package, is used by the IBM Cinder plug-in. Pygments-2.14.0 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of insecure regular expressions in the SqlJinjaLexer class (CVE-2022-40896). Vulnerability Detail...

CVSS 5.5 · AI score 5.6 · EPSS 0.00069
Exploits 1 · Affected Software 1

NVD
added 2023/11/23 9:15 a.m. · 12 views

CVE-2023-28813

An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files...

CVSS 8.1 · EPSS 0.00145
Exploits 0 · References 1

OSV
added 2023/11/23 9:15 a.m. · 2 views

CVE-2023-28812

There is a buffer overflow vulnerability in a web browser plug-in that could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in...

CVSS 9.8 · AI score 6.5
Exploits 0 · References 1

ATTACKERKB
added 2023/11/23 9:15 a.m. · 1 view

CVE-2023-28812

There is a buffer overflow vulnerability in a web browser plug-in that could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in...

CVSS 9.8 · AI score 6.8 · EPSS 0.0033
Exploits 0 · References 2

Prion
added 2023/11/23 9:15 a.m. · 11 views

Design/Logic Flaw

An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files...

CVSS 5 · AI score 7 · EPSS 0.00145
Exploits 0 · References 1 · Affected Software 1

Prion
added 2023/11/23 9:15 a.m. · 18 views

Buffer overflow

There is a buffer overflow vulnerability in a web browser plug-in that could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in...

CVSS 7.5 · AI score 8.3 · EPSS 0.0033
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/11/23 8:37 a.m. · 13 views

CVE-2023-28813

An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files...

CVSS 8.1 · AI score 8.1 · EPSS 0.00145
Exploits 0 · References 1

Vulnrichment
added 2023/11/23 8:35 a.m. · 15 views

CVE-2023-28812

There is a buffer overflow vulnerability in a web browser plug-in that could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in...

CVSS 9.1 · AI score 8 · EPSS 0.0033
Exploits 0 · References 1

Cvelist
added 2023/11/23 8:35 a.m. · 17 views

CVE-2023-28812

There is a buffer overflow vulnerability in a web browser plug-in that could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in...

CVSS 9.1 · AI score 10 · EPSS 0.0033
Exploits 0 · References 1

CVE
added 2023/11/23 8:35 a.m. · 60 views

CVE-2023-28812

CVE-2023-28812 affects the Hikvision Web Browser Plug-in LocalServiceComponents. The vulnerability is described as a buffer overflow in the plug-in that can be triggered by sending crafted messages to systems with the plug-in installed, potentially allowing arbitrary code execution or causing the...

CVSS 9.8 · AI score 9.7 · EPSS 0.0033
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/11/23 12:0 a.m. · 1 view

Hikvision Web Browser Plug-in LocalServiceComponents Security Vulnerability

Hikvision Web Browser Plug-in LocalServiceComponents is a web browser plug-in from Hikvision, a Chinese company. A security vulnerability exists in Hikvision Web Browser Plug-in LocalServiceComponents, which stems from a buffer overflow vulnerability that could allow an attacker to send a crafted...

CVSS 9.8 · AI score 7.9 · EPSS 0.0033
Exploits 0 · References 2

Positive Technologies
added 2023/11/23 12:0 a.m. · 3 views

PT-2023-21986 · Hikvision · Localservicecomponents

Name of the Vulnerable Software and Affected Versions: plug-in affected versions not specified Description: The issue allows an attacker to exploit it by sending crafted messages to computers with the plug-in installed, modifying plug-in parameters. This could cause affected computers to download...

CVSS 8.1 · AI score 7.3 · EPSS 0.00145
Exploits 0 · References 3