4912 matches found

CVE
added 2023/08/21 8:14 a.m., 50 views

CVE-2023-39543

CVE-2023-39543 describes a cross-site scripting (XSS) vulnerability in LuxCal Web Calendar. The issue affects LuxCal Web Calendar versions prior to 5.2.3M (MySQL) and prior to 5.2.3L (SQLite). The underlying behavior allows a remote unauthenticated attacker to cause arbitrary script execution in ...

CVSS 6.1 | AI score 6.3 | EPSS 0.00528
Exploits 0 | References 3 | Affected Software 1
Japan Vulnerability Notes
added 2023/08/21 12:0 a.m., 46 views

JVN#04876736: Multiple vulnerabilities in LuxCal Web Calendar

LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2023-39543

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1
CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3

SQL...

CVSS 9.1 | AI score 7.7 | EPSS 0.00705
Exploits 0
Photon
added 2023/08/14 12:0 a.m., 29 views

Important Photon OS Security Update - PHSA-2023-3.0-0632

Updates of 'postgresql13', 'sqlite' packages of Photon OS have been released...

CVSS 8.8 | AI score 7.1 | EPSS 0.0216
Exploits 1
OSV
added 2023/08/12 11:5 a.m., 11 views

OESA-2023-1486 sqlite security update

SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications...

AI score 8
Exploits 0 | References 2
OSV
added 2023/08/12 11:5 a.m., 3 views

OESA-2023-1485 sqlite security update

SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications...

AI score 8
Exploits 0 | References 2
NVD
added 2023/08/04 4:15 p.m., 11 views

CVE-2023-37470

Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the...

CVSS 10 | AI score 9.8 | EPSS 0.01124
Exploits 0 | References 1
Prion
added 2023/08/04 4:15 p.m., 25 views

Design/Logic Flaw

Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the...

CVSS 7.5 | AI score 9.6 | EPSS 0.01124
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2023/08/04 3:12 p.m., 22 views

CVE-2023-37470 Metabase vulnerable to remote code execution via POST /api/setup/validate API endpoint

Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the...

CVSS 10 | AI score 9.9 | EPSS 0.01124
Exploits 0 | References 1
CVE
added 2023/08/04 3:12 p.m., 2513 views

CVE-2023-37470

Metabase versions prior to 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4 are affected by a remote code execution vulnerability stemming from the embedded H2 database. The issue allows a user-supplied connection string to contain code that is subsequently execu...

CVSS 10 | AI score 9.8 | EPSS 0.01124
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2023/08/04 3:12 p.m., 16 views

CVE-2023-37470 Metabase vulnerable to remote code execution via POST /api/setup/validate API endpoint

Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the...

CVSS 10 | AI score 7.6 | EPSS 0.01124
Exploits 0 | References 1
OSV
added 2023/08/04 3:12 p.m., 28 views

CVE-2023-37470 Metabase vulnerable to remote code execution via POST /api/setup/validate API endpoint

Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the...

CVSS 10 | AI score 9.5 | EPSS 0.01124
Exploits 0 | References 3
IBM Security Bulletins
added 2023/08/01 6:33 a.m., 85 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl-libs, libssh, libarchive, sqlite and go-toolset

Summary Multiple issues were identified in Red Hat UBI packages openssl-libs, libssh, libarchive, sqlite and go-toolset that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images CVE-2020-24736, CVE-2020-29652, CVE-2022-32189, CVE-2023-2283, CVE-2022-36227, CVE-2023-2453...

CVSS 9.8 | AI score 9.1 | EPSS 0.03228
Exploits 4 | Affected Software 1
IBM Security Bulletins
added 2023/07/27 3:42 p.m., 27 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service due to [CVE-2020-24736]

Summary SQLite is not used directly by IBM App Connect Enterprise Certified Container but is present in the images as part of the base operating system. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address...

CVSS 5.5 | AI score 7.4 | EPSS 0.00347
Exploits 1 | Affected Software 1
Positive Technologies
added 2023/07/26 12:0 a.m., 3 views

PT-2023-5054 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to and including 2.1.0 Description: The issue is related to the use of alternative driver names when importing a database, which could allow a remote attacker to create arbitrary files and gain unauthorized access ...

CVSS 6.5 | AI score 7.4 | EPSS 0.83716
Exploits 2 | References 35
Tenable Nessus
added 2023/07/26 12:0 a.m., 26 views

EulerOS Virtualization 3.0.6.6 : sqlite (EulerOS-SA-2023-2437)

According to the versions of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - In SQLite 3.31.1, a potential null pointer dereference was found in the INTERSEC query processing. CVE-2020-35525 Note that...

CVSS 7.5 | AI score 6.6 | EPSS 0.00894
Exploits 0 | References 2
OpenVAS
added 2023/07/25 12:0 a.m., 13 views

Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2023-2437)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 8.7 | EPSS 0.00894
Exploits 0 | References 2
BDU FSTEC
added 2023/07/20 12:0 a.m., 4 views

The vulnerability of the os_unix.c component of the SQLite database management system allows an attacker to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the os_unix.c component of the SQLite database management system is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

CVSS 5.9 | AI score 6.5 | EPSS 0.00492
Exploits 0 | References 11 | Affected Software 4
BDU FSTEC
added 2023/07/20 12:0 a.m., 9 views

The vulnerability in the /sqlite3_aflpp/shell.c component of the SQLite database management system allows an attacker to cause a service failure.

The vulnerability in the /sqlite3_aflpp/shell.c component of the SQLite database management system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

CVSS 5.5 | AI score 6.7
Exploits 0 | References 6 | Affected Software 7
Tenable Nessus
added 2023/07/11 12:0 a.m., 32 views

Debian dla-3489 : mediawiki - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3489 advisory. Debian LTS Advisory DLA-3489-1 https://www.debian.org/lts/security/...

CVSS 5.5 | AI score 5.3 | EPSS 0.00269
Exploits 1 | References 4
OpenVAS
added 2023/07/11 12:0 a.m., 28 views

Debian: Security Advisory (DLA-3489-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.5 | AI score 6.2 | EPSS 0.00269
Exploits 1 | References 4