847 matches found

Tenable Nessus
added 2023/05/15 12:0 a.m. · 36 views

Oracle Linux 9 : Image / Builder (ELSA-2023-2204)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2204 advisory. cockpit-composer 45-1.0.1 - Make per page documentation links point to Oracle Linux Orabug: 32013095, Orabug:34398922 45-1 - New upstream release 44-1 ...

CVSS 7.5 · AI score 7.3 · EPSS 0.00331
Exploits: 1 · References: 6

Tenable Nessus
added 2023/05/14 12:0 a.m. · 29 views

AlmaLinux 9 : git-lfs (ALSA-2023:2357)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:2357 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...

CVSS 7.5 · AI score 7 · EPSS 0.00331
Exploits: 4 · References: 11

Tenable Nessus
added 2023/05/13 12:0 a.m. · 39 views

RHEL 9 : grafana (RHSA-2023:2167)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:2167 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang:...

CVSS 7.5 · AI score 7.2 · EPSS 0.00881
Exploits: 1 · References: 16

Positive Technologies
added 2023/05/08 12:0 a.m. · 1 views

PT-2023-16259 · WordPress · Cloud Manager Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Cloud Manager WordPress plugin versions 1.0 and earlier. Description: The issue allows unauthenticated attackers to trick a logged-in admin into triggering an XSS payload by clicking a link, due to the lack of sanitization and escaping of the...

CVSS 6.1 · AI score 6.5 · EPSS 0.01134
Exploits: 2 · References: 4

Amazon
added 2023/05/03 12:0 a.m. · 5 views

Important: golang

Issue Overview: Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. (CVE-2022-23772) cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This...

CVSS 9.8 · AI score 7.9 · EPSS 0.00759
Exploits: 2

CNNVD
added 2023/05/02 12:0 a.m. · 2 views

Checkmk Log Information Disclosure Vulnerability

Checkmk is an editor. Checkmk suffers from a security vulnerability that stems from the fact that transferring credentials within a query parameter could result in automated user secrets being written to site access logs...

CVSS 5.5 · AI score 5.6 · EPSS 0.00056
Exploits: 0 · References: 2

IBM Security Bulletins
added 2023/04/26 7:38 p.m. · 36 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Golang Go is used by IBM Robotic Process Automation as part of the operator (CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-41716, CVE-2022-41721). Python is used by IBM Robotic Process...

CVSS 7.5 · AI score 8 · EPSS 0.01395
Exploits: 3 · Affected Software: 1

UbuntuCve
added 2023/04/26 2:15 p.m. · 57 views

CVE-2023-1387

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the "urllogin" configuration option (disabled by default), a...

CVSS 7.5 · AI score 7.1 · EPSS 0.00291
Exploits: 1 · References: 3

Ubuntu
added 2023/04/25 10:23 a.m. · 77 views

USN-6038-1: Go vulnerabilities

It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-1705) It was discovered that Go did not properly manage memory under certain...

CVSS 9.8 · AI score 7.5 · EPSS 0.00759
Exploits: 7

IBM Security Bulletins
added 2023/04/12 8:23 p.m. · 44 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Golang Go is used by IBM Robotic Process Automation as part of the operator (CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-41716, CVE-2022-41721). Python is used by IBM Robotic Process...

CVSS 7.5 · AI score 7.8 · EPSS 0.01395
Exploits: 3 · Affected Software: 1

IBM Security Bulletins
added 2023/03/16 3:25 p.m. · 50 views

Security Bulletin: CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Standard

Summary: Multiple CVEs - CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Relevant go related packages have been upgraded. Vulnerability Details: CVEID: CVE-2022-41715 DESCRIPTION:...

CVSS 7.5 · AI score 7.2 · EPSS 0.00331
Exploits: 1 · Affected Software: 1

IBM Security Bulletins
added 2023/03/16 3:24 p.m. · 41 views

Security Bulletin: CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Advanced

Summary: Multiple CVEs - CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. Relevant go related packages have been upgraded. Vulnerability Details: CVEID: CVE-2022-2879 DESCRIPTION:...

CVSS 7.5 · AI score 7.2 · EPSS 0.00331
Exploits: 1 · Affected Software: 1

RedHat Linux
added 2023/03/15 7:58 p.m. · 1 views

golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters

A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an...

CVSS 7.5 · AI score 6.6 · EPSS 0.00031
Exploits: 1 · References: 6

OSV
added 2023/03/15 2:15 p.m. · 0 views

CVE-2023-24731

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the query parameter in the user profile update function...

CVSS 8.8 · AI score 5.8 · EPSS 0.00885
Exploits: 1 · References: 3

OSV
added 2023/03/14 3:15 p.m. · 0 views

CVE-2023-1395

A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as problematic. This vulnerability affects the function query of the file admin/user/list.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated...

CVSS 6.1 · AI score 3.9
Exploits: 0 · References: 3

Tenable Nessus
added 2023/03/14 12:0 a.m. · 10 views

Atlassian Jira 6.0.0 < 7.2.12 Xss In Printable Searchrequest Issue Resource

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 6.0.x prior to 7.2.12 or 7.4.4 prior to 7.6.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a cross...

CVSS 6.1 · AI score 5.9 · EPSS 0.00255
Exploits: 0 · References: 2

OpenVAS
added 2023/03/09 12:0 a.m. · 25 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-1505)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 · AI score 8.1 · EPSS 0.00098
Exploits: 1 · References: 2

NVD
added 2023/03/06 9:15 p.m. · 8 views

CVE-2023-24733

PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/exportz3950new.php...

CVSS 6.1 · AI score 6.1 · EPSS 0.14924
Exploits: 1 · References: 1

Prion
added 2023/03/06 9:15 p.m. · 11 views

Cross site scripting

PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/exportz3950.php...

CVSS 5.8 · AI score 6 · EPSS 0.03412
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/03/06 12:0 a.m. · 2 views

PT-2023-19757 · Pmb · Pmb

Name of the Vulnerable Software and Affected Versions: PMB version 7.4.6. Description: A reflected cross-site scripting (XSS) issue was found in PMB via the query parameter at "/admin/convert/export z3950 new.php". This allows for potential XSS attacks. Recommendations: For PMB version 7.4.6, consid...

CVSS 6.1 · AI score 6 · EPSS 0.14924
Exploits: 1 · References: 4