1065 matches found
SUSE-SU-2023:3222-1 Security update for gstreamer-plugins-ugly
This update for gstreamer-plugins-ugly fixes the following issues: - CVE-2023-38103: Fixed integer overflow during parsing of MDPR chunks (bsc#1213751). - CVE-2023-38104: Fixed integer overflow during parsing of MDPR chunks (bsc#1213750)...
DLA-3520-1 libhtmlcleaner-java - security update
Bulletin has no description...
SUSE-SU-2023:2981-1 Security update for libqt5-qtsvg
This update for libqt5-qtsvg fixes the following issues: - CVE-2021-45930: Fixed an out-of-bounds write that may have led to a denial-of-service (bsc#1196654). - CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm variable (bsc#1211298)...
GHSA-PMHC-2G4F-85CG Path Traversal in Apache Shiro
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha...
Improper restriction of XML external entity references (XXE) in XBRL data create application
Overview: XBRL data create application provided by Financial Services Agency improperly restricts XML external entity references (XXE) (CWE-611). Taku Toyama of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
CVE-2023-26512
CWE-502 Deserialization of Untrusted Data in the rabbitmq-connector plugin module of Apache EventMesh (incubating) V1.7.0\V1.8.0 on platforms such as Windows, Linux and macOS allows attackers to send controlled messages and execute code remotely via rabbitmq messages. Users can use the code under the master...
DSA-5449-1 webkit2gtk - security update
Bulletin has no description...
DLA-3468-1 hsqldb1.8.0 - security update
Bulletin has no description...
DLA-3463-1 opensc - security update
Bulletin has no description...
JVN#19243534: ESS REC Agent Server Edition for Linux etc. vulnerable to directory traversal
ESS REC Agent Server Edition for Linux etc. provided by Encourage Technologies Co.,Ltd. contain a directory traversal vulnerability (CWE-23). Impact: Arbitrary files on the server may be viewed or altered by an attacker. Solution: Update the software. Update the software to the latest version accordin...
SUSE-SU-2023:2275-1 Security update for openvswitch
This update for openvswitch fixes the following issues: - CVE-2023-1668: Fixed remote traffic denial of service via crafted packets with IP proto 0 (bsc#1210054). - CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580). - CVE-2022-4337: Fixed Out-of-Bounds Read in Organizati...
DSA-5409-1 libssh - security update
Bulletin has no description...
OPENSUSE-SU-2023:0111-1 Security update for qt6-svg
This update for qt6-svg fixes the following issues: - CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm (boo#1211298)...
Multiple vulnerabilities in Cybozu Garoon
Overview: Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. [CyVDB-3122] Denial-of-service (DoS) in Message (CWE-400) - CVE-2023-26595; [CyVDB-3142] Operation restriction bypass vulnerability in Message and Bulletin (CWE-285) - CVE-2023-27304; [CyVDB-3165] Operation...
DLA-3421-1 thunderbird - security update
Bulletin has no description...
JVN#31701509: Multiple vulnerabilities in MicroEngine Mailform
MicroEngine Mailform provided by MicroEngine Inc. contains multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type (CWE-434) - CVE-2023-27397

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N| Base Score: 3.7
CVSS v2|...
LINE WORKS Drive Explorer vulnerable to code injection
Overview: LINE WORKS Drive Explorer provided by WORKS MOBILE Japan Corp. contains a code injection vulnerability (CWE-94). Koh M. Nakagawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An attacker who can log...
PT-2023-2386 · Cisco · Cisco Industrial Network Director
Name of the Vulnerable Software and Affected Versions: Cisco Industrial Network Director (affected versions not specified). Description: The issue exists due to improper input validation when uploading a Device Pack, allowing an authenticated, remote attacker to execute arbitrary commands with...
DLA-3395-1 golang-1.11 - security update
Bulletin has no description...
PT-2023-2488 · Oracle · Peoplesoft Enterprise Hcm Human Resources
Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise HCM Human Resources version 9.2. Description: The issue is related to insufficient input validation in the Administer Workforce component. It allows a low-privileged attacker with network access via HTTP to compromise...