Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2023-1689)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.0 : qemu-kvm (EulerOS-SA-2023-1688)

According to the versions of the qemu-kvm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The ehciprocessitd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a memory out-of-bounds vulnerability in the video framework due to an additive overflow...

GLSA-202305-21 : Cairo: Buffer Overflow Vulnerability

The remote host is affected by the vulnerability described in GLSA-202305-21 Cairo: Buffer Overflow Vulnerability - A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor for...

Design/Logic Flaw

Vulnerability in the Oracle Solaris product of Oracle Systems component: Libraries. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks of this vulnerability can...

CVE-2023-28973

An Improper Authorization vulnerability in the 'sysmanctl' shell command of Juniper Networks Junos OS Evolved allows a local, authenticated attacker to execute administrative commands that could impact the integrity of the system or system availability. Administrative functions such as daemon...

Authorization

An Improper Authorization vulnerability in the 'sysmanctl' shell command of Juniper Networks Junos OS Evolved allows a local, authenticated attacker to execute administrative commands that could impact the integrity of the system or system availability. Administrative functions such as daemon...

FreeBSD : py39-pycares -- domain hijacking vulnerability (43e9ffd4-d6e0-11ed-956f-7054d21a9e2a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 43e9ffd4-d6e0-11ed-956f-7054d21a9e2a advisory. - A flaw was found in c-ares library, where a missing input validation check of host names returned by...

glob-parent: Regular Expression Denial of Service

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service ReDoS attacks, affecting system availability...

CVE-2023-29186 Directory/Path Traversal vulnerability in SAP NetWeaver.

In SAP NetWeaver BI CONT ADDON - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient administrative privileges then potentially critical OS files ca...

NewStart CGSL CORE 5.05 / MAIN 5.05 : openldap Multiple Vulnerabilities (NS-SA-2023-0016)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has openldap packages installed that are affected by multiple vulnerabilities: - A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger ...

CVE-2022-28131

A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

Amazon Linux AMI : sssd (ALAS-2023-1723)

The version of sssd installed on the remote host is prior to 1.16.4-21.27. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1723 advisory. A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and...

Important: sssd

Issue Overview: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access...

glob-parent: Regular Expression Denial of Service

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service ReDoS attacks, affecting system availability...

Sql injection

PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data,...

CVE-2023-28843 Improper neutralization of SQL parameter in PayPal module for PrestaShop

PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data,...

CVE-2023-28843 Improper neutralization of SQL parameter in PayPal module for PrestaShop

PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data,...

PrestaShop SQL注入漏洞

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A SQL injection vulnerability exists in PrestaShop/paypal versions 3.12.0 through 3.16.3. An attacker could...

CBL Mariner 2.0 Security Update: rpm (CVE-2021-35939)

The version of rpm installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-35939 advisory. - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented fo...