843 matches found
USN-6038-2: Go vulnerabilities
USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. Original advisory details: It was discovered that the Go net/http module incorrectly handled Transfer-Encoding...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS : Go vulnerabilities (USN-6038-2)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6038-2 advisory. USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and G...
WordPress plugin WP Sessions Time Monitoring Full Automatic Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2023-4724
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server...
VulnCheck KEV: CVE-2020-19625
Remote Code Execution Vulnerability in tests/support/stores/testgridfilter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter...
CVE-2023-48655
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters...
PT-2023-30876 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.176 Description: An issue was discovered where the app/Controller/Component/IndexFilterComponent.php file does not properly filter out query parameters. Recommendations: For versions prior to 2.4.176, update to...
CVE-2023-45201
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL...
Devolutions Server Security Vulnerability
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2023.2.10.0 and earlier, which stems from an improper access control issue in the Report log...
Password Disclosure
nautobot is vulnerable to Password Disclosure. The vulnerability is due to the fact that the utils.py does not correctly inherit all the necessary Meta attributes from the base serializer. This flaw permits an authenticated attacker to access hashed user passwords stored in the database through...
Nautobot Security Vulnerability
Nautobot is a web automation platform from the individual developers of Nautobot. A security vulnerability exists in versions of Nautobot prior to 2.0.3 that stems from certain REST API endpoints that, in combination with a query parameter, can expose hashed user passwords stored in a database to...
PT-2023-7024 · Nautobot · Nautobot
Name of the Vulnerable Software and Affected Versions: Nautobot versions 2.0.0 through 2.0.2 Description: The issue concerns the exposure of hashed user passwords in Nautobot's REST API endpoints when the ?depth= query parameter is used. This affects any authenticated user with access to these...
GHSA-X4HH-VJM7-G2JV Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input
Summary: Faktory web dashboard can suffer from denial of service by a crafted malicious url query param days. Details: The vulnerability is related to how the backend reads the days URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string...
Sql injection
Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param days. The vulnerability is related to how the backend reads the days URL query parameter in the Faktory web...
CVE-2023-37279 Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input
Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param days. The vulnerability is related to how the backend reads the days URL query parameter in the Faktory web...
CVE-2023-23957
An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4...
CVE-2023-23957 Open Redirection Vulnerability in Symantec Identity Portal 14.4
An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4...
CVE-2023-23957
CVE-2023-23957 affects Symantec Identity Portal 14.4. An authenticated user can see and modify the value of the ‘next’ query parameter, which corresponds to an open redirection vulnerability in Symantec Identity Portal 14.4. The available documents state the impact as an ability to view/modify th...