USN-6076-1: Synapse vulnerabilities
It was discovered that Synapse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2019-18835, CVE-2018-12291, CVE-2018-10657) It was...
CentOS 8 : git (CESA-2023:2859)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:2859 advisory. - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untruste...
Netgear Routers' Flaws Expose Users to Malware, Remote Attacks, and Surveillance
As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution. "Successful exploits could allow attackers to monitor users' internet activity, hijack internet connections, and redirect traffic to...
Improperly Controlled Sequential Memory Allocation
Overview: Affected versions of this package are vulnerable to Improperly Controlled Sequential Memory Allocation due to allowing remote attackers to send malicious requests that consume all memory available to the server. Remediation: Upgrade OPCFoundation.NetStandard.Opc.Ua.Server to version...
The vulnerability of the IEEE 802.11 protocol lies in the ability to intercept the data transmitted by devices and replace the MAC addresses of targets, allowing attackers to perform spoofing attacks.
The vulnerability of the IEEE 802.11 protocol lies in the ability to intercept the frames transmitted by the device and to replace the MAC address of the target device. Exploiting this vulnerability allows a malicious actor to perform spoofing attacks remotely...
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2023-1650)
The remote host is missing an update for the Huawei EulerOS...
CVE-2021-26947
Cross-site scripting (XSS) issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php...
Mailman < 3.3.5 REST API Vulnerability
Mailman is prone to a vulnerability in the REST API...
Oracle Application Testing Suite (Apr 2023 CPU)
The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apac...
CVE-2023-2094
A vulnerability has been found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/mechanics/managemechanic.php. The manipulation of the argument id leads to sql injection. The attack can be initiated...
CVE-2023-2044 Control iD iDSecure Dispositivos Page cross site scripting
A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. This vulnerability affects unknown code of the component Dispositivos Page. The manipulation of the argument IP-DNS leads to cross site scripting. The attack can be initiated remotely. VDB-225922 is the...
Security Bulletin: IBM Security Verify Governance is vulnerable to remote attacks to execute arbitrary code on the system [CVE-2013-4521, CVE-2013-2165 and CVE-2018-14667]
Summary: IBM Security Verify Governance is vulnerable to remote attacks to execute arbitrary code on the system (CVE-2013-4521). IBM Security Verify Governance is vulnerable to remote attacks caused by an error related to the handling of deserialization (CVE-2013-2165). IBM Security Verify Governance ...
The vulnerability in Hitachi Vantara Pentaho Business Analytics Server lies in the improper limitation of XML references to external objects, which allows attackers to perform XXE attacks.
The vulnerability in Hitachi Vantara Pentaho Business Analytics Server relates to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...
PT-2023-2399 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows Internet Key Exchange (IKE) Protocol Extensions (affected versions not specified). Description: The issue is related to errors in synchronization when using a shared resource in the implementation of the Internet Key Exchange (IKE) protocol ...
Out-of-bounds
UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may...
CVE-2023-1941 SourceCodester Simple and Beautiful Shopping Cart System login.php sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiat...
Cross site request forgery (csrf)
A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attac...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due t...