739 matches found
Jumpserver Path Traversal Vulnerability
Jumpserver is an open source bastion machine from China's Hangzhou Feizhiyun Information Technology Co. JumpServer suffers from a path traversal vulnerability that arises because a logged-in user can access and modify the contents of any file on the system...
GLPI Information Leakage Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
CISA Releases its Open Source Software Security Roadmap
Today, CISA released an Open Source Software Security Roadmap to lay out—in alignment with the National Cybersecurity Strategy and the CISA Cybersecurity Strategic Plan—how we will partner with federal agencies, open source software (OSS) consumers, and the OSS community, to secure OSS...
Mozilla VPN Security Breach
Mozilla VPN is an open source virtual private network web browser extension, desktop application and mobile application from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla VPN Linux that stems from the application's invalid Polkit authentication check and...
Inventory Management System Cross-Site Scripting Vulnerability
Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Free and Open Source Inventory Management System v1.0 that could allow an attacker to execute arbitrary web script or HTML by injecting a crafted payload into the Ad...
Lavalite CMS Security Vulnerability
Lavalite CMS is an open source PHP-based content management system (CMS). A security vulnerability exists in LavaLite CMS version v9.0.0, which stems from an easy sensitive data disclosure...
Commentary on the Implementation Plan for the 2023 US National Cybersecurity Strategy
The Atlantic Council released a detailed commentary on the White House's new "Implementation Plan for the 2023 US National Cybersecurity Strategy." Lots of interesting bits. So far, at least three trends emerge: First, the plan contains a somewhat more concrete list of actions than its parent...
GLPI SQL Injection Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
Number Withdrawn
OBS Studio is an OBS Project open source software designed for efficiently capturing, compositing, encoding, recording and streaming video content. This CVE number has been withdrawn...
[SECURITY] Fedora 37 Update: moodle-4.1.4-1.fc37
Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...
CVE-2023-34098
Shopware is an open source e-commerce software. Due to an incorrect configuration in the .htaccess file, the configuration file of the Javascript could be read in production environments (themes/package-lock.json). With this information, the specific Shopware version in a deployment might be...
BoxBilling Cross-Site Scripting Vulnerability
BoxBilling is open source billing and customer management software for BoxBilling individual developers. A cross-site scripting vulnerability exists in BoxBilling versions 4.19, 4.19.1, 4.20, 4.21, which stems from arbitrary code that can be run via a form for submitting a new ticket. An attacker ca...
answer Security Vulnerability
answer is an open source knowledge-based community software. An authorization vulnerability exists in versions of answer prior to 1.0.9, which stems from a lack of authorization for the software. An attacker could use this vulnerability to make unauthorized changes or delete votes...
Webcam Preview Test Application
Please note: You can download the required file from the Citrix downloads website by visiting the following link: https://www.citrix.com/downloads/citrix-tools Simple Windows UI application to test and troubleshoot Webcam redirection on Terminal Server and Workstation VDAs, as well as to check...
Number Withdrawn
XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. This CVE number has been withdrawn...
ALSA-2023:1786 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Security Fixes: MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp BZ2186102 Mozilla: Fullscreen notification obscured CVE-2023-295...
Google Launches New Cybersecurity Initiatives to Strengthen Vulnerability Management
Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. "While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they're known and fixe...
GLPI SQL Injection Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
GLPI Cross-Site Scripting Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
Security Bulletin: Multiple vulnerabilities in Open Source software used by Cloud Pak System
Summary: Multiple vulnerabilities in Open Source software used by Cloud Pak System. IBM Cloud Pak System has addressed those vulnerabilities. Vulnerability Details: CVEID: CVE-2015-1832 DESCRIPTION: Apache Derby could allow a remote attacker to obtain sensitive information, caused by an XML external...