562 matches found
CVE-2023-4238
The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server...
CVE-2023-32510
| creationtimestamp | type | source |
|---|---|---|
| 2023-08-24 16:14:57+00:00 | seen | https://t.me/cibsecurity/69118... |
UBUNTU-CVE-2020-35357
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitra...
XZ Security Vulnerability
xz is a software application used to read and write xz compressed streams. A security vulnerability exists in XZ Utils version 5.2.5 that allows an attacker to cause a denial of service through decompression of specially crafted files...
PT-2023-11638 · Xz +2 · Xz +2
Name of the Vulnerable Software and Affected Versions: XZ version 5.2.5
Description: An issue in XZ allows attackers to cause a denial of service via decompression of a crafted file. The vendor disputes the claims of "endless output" and "denial of service" because decompression of a 17,486 bytes...
PT-2023-26182 · Opendds · Opendds
Name of the Vulnerable Software and Affected Versions: OpenDDS versions prior to 3.25
Description: OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). It crashes while parsing a malformed PID_PROPERTY_LIST in a DATA submessage during...
Cockpit CMS Cross-Site Request Forgery Vulnerability
Cockpit is an interactive server management interface. A security vulnerability exists in Cockpit CMS version 2.5.2 that stems from the presence of a cross-site request forgery (CSRF) vulnerability. An attacker can exploit this vulnerability to execute arbitrary administrator commands...
Ruijie Networks BCR810W OS Command Injection Vulnerability
The Ruijie Networks BCR810W is an intelligent cloud router from Ruijie Networks (China). An operating system command injection vulnerability exists in the Ruijie Networks BCR810W version 2.5.10. An attacker could exploit this vulnerability to conduct an OS command injection attack...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +300 more potentially affected by CVE-2023-34149 via org.apache.struts:struts2-core (>=2.0.5 <=2.5.30)
org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.2, =1.0, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2023-34149 Source advisory: OSV:GHSA-8F6X-V685-G2XC...
PrestaShop SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop jmsthemelayout version 2.5.5, which stems from vulnerability t...
WordPress plugin SparkPost Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
KeePass Security Vulnerability
KeePass is an open source password manager. A security vulnerability exists in version 2.x prior to KeePass 2.54 that stems from the ability to recover plaintext master passwords from a memory dump even if the workspace is locked or no longer running...
Open Networking Foundation ONOS Security Vulnerability
Open Networking Foundation ONOS is an open source SDN controller from the Open Networking Foundation. It is used to build next-generation SDN/NFV solutions. A security vulnerability exists in Open Networking Foundation ONOS version 2.5.1, which stems from incorrect flow rules installed by...
PT-2023-12742 · Onos · Onos
Name of the Vulnerable Software and Affected Versions: ONOS version 2.5.1
Description: An issue was discovered where the purge-requested intent remains on the list but does not respond to changes in topology, such as link failure. In combination with other applications, this could lead to a failu...
Open Networking Foundation ONOS Security Vulnerability
Open Networking Foundation ONOS is an open source SDN controller from the Open Networking Foundation, used for building next-generation SDN/NFV solutions. A security vulnerability exists in Open Networking Foundation ONOS version 2.5.1 that originates from the installation of invalid flow rule...
SUSE-SU-2023:1837-1 Security update for apache2-mod_auth_openidc
This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url() using tab character (bsc#1206441).
- CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied (bsc#1210073)...
PT-2023-21050 · Ibm · Ibm Aspera Connect +1
Name of the Vulnerable Software and Affected Versions: IBM Aspera Cargo version 4.2.5, IBM Aspera Connect version 4.2.5
Description: The issue is caused by improper bounds checking, leading to a buffer overflow. An attacker could exploit this to execute arbitrary code on the system.
Recommendation...
SUSE CVE-2004-0796
SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to cause a denial of service via certain malformed messages...
SUSE CVE-2005-0173
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server...
SUSE CVE-2009-4134
Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference...