JVN#67822421: OSS Calendar vulnerable to SQL injection
OSS Calendar provided by Thinkingreed Inc. contains an SQL injection vulnerability (CWE-89). Impact: A logged-in user may execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request. Solution: Update the software...
DLA-3649-1 python-urllib3 - security update
Bulletin has no description...
JVN#14762986: Improper restriction of XML external entity references (XXE) in e-Tax software
e-Tax software provided by National Tax Agency improperly restricts XML external entity references (XXE) (CWE-611) due to the configuration of the embedded XML parser. Impact: Processing a specially crafted XML file may lead to exposure of internal files on the system. Solution: Update the Software...
PT-2023-28221 · Ibm · Ibm Cics Tx Standard +2
Name of the Vulnerable Software and Affected Versions: IBM CICS TX Standard versions 10.1 through 11.1; IBM CICS TX Advanced version 10.1; IBM TXSeries for Multiplatforms versions 8.1 through 9.1. Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the...
Improper restriction of XML external entity references (XXE) in Proself
Overview: Proself provided by North Grid Corporation improperly restricts XML external entity references (XXE) (CWE-611). The developer states that attacks exploiting this vulnerability have been observed. North Grid Corporation reported this vulnerability to JPCERT/CC to notify users of its solution...
DLA-3617-2 tomcat9 - regression update
Bulletin has no description...
DLA-3599-1 exim4 - security update
Bulletin has no description...
SUSE-SU-2023:3834-1 Security update for container-suseconnect
This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475)...
SUSE-SU-2023:3829-1 Security update for libwebp
This update for libwebp fixes the following issues: - CVE-2023-4863: Fixed heap buffer overflow (bsc#1215231)...
Multiple vulnerabilities in Panasonic KW Watcher
Overview: KW Watcher provided by Panasonic contains multiple vulnerabilities listed below. Improper restriction of operations within the bounds of a memory buffer (CWE-119) - CVE-2023-3471; Use after free (CWE-416) - CVE-2023-3472. Michael Heinzl reported these vulnerabilities to Panasonic and...
SUSE-SU-2023:3794-1 Security update for libwebp
This update for libwebp fixes the following issues: - CVE-2023-4863: Fixed a heap buffer overflow (bsc#1215231)...
DLA-3580-1 libapache-mod-jk - security update
Bulletin has no description...
DSA-5500-1 flac - security update
Bulletin has no description...
Pyramid vulnerable to directory traversal
Overview: Pyramid provided by Pylons Project contains a directory traversal vulnerability. Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: index.html located one directory abov...
DSA-5489-1 file - security update
Bulletin has no description...
JVN#60140221: Multiple vulnerabilities in i-PRO VI Web Client
VI Web Client provided by i-PRO Co., Ltd. is Video Insight's video management software. VI Web Client contains multiple vulnerabilities listed below. Open Redirect (CWE-601) - CVE-2023-38574: CVSS v3 vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N, Base Score: 4.7...
DLA-3552-1 gst-plugins-ugly1.0 - security update
Bulletin has no description...
DSA-5479-1 chromium - security update
Bulletin has no description...
DSA-5476-1 gst-plugins-ugly1.0 - security update
Bulletin has no description...
PT-2023-26584 · Unknown · Special Interest Group Network For Analysis/Liaison
Name of the Vulnerable Software and Affected Versions: Special Interest Group Network for Analysis and Liaison versions 4.4.0 through 4.7.7 Description: The issue allows authorized API users to view attribute information of the poster that is set as "non-disclosure" in the system settings. This i...