pimcore is vulnerable to cross-site scripting in Composite indices key field
Impact Pimcore is vulnerable to a cross-site scripting vulnerability in the classes module. Patches Update to version 10.5.20. Workarounds Apply the patch https://github.com/pimcore/pimcore/commit/765832f0dc5f6cfb296a82e089b701066f27bcef.patch manually...
GHSA-2XPM-CMVW-3JCC Reflected XSS in Application Logger module
Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.19 or apply this patch manually...
Cross-site Scripting (XSS) in Document Types
Impact Unsecured Name field in Document Types module in Settings. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.19 or apply this...
PT-2023-15990 · WordPress · Client Logo Carousel
Name of the Vulnerable Software and Affected Versions: The Client Logo Carousel WordPress plugin versions 3.0.0 and earlier Description: The issue is related to the plugin not validating and escaping some of its shortcode attributes before outputting them back in a page or post where the shortcod...
PT-2023-16105 · Unknown · Velociraptor
Name of the Vulnerable Software and Affected Versions: Velociraptor versions prior to 0.6.7-5 Description: The issue allows a low privilege user to overwrite files on the server, including Velociraptor configuration files, due to the VQL copy function not checking for permission to write files. T...
PT-2022-26265 · WordPress · Chained Quiz
Name of the Vulnerable Software and Affected Versions: Chained Quiz plugin for WordPress versions up to, and including, 1.3.2 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to...
PT-2022-26114 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow version 2.10.1 TensorFlow version 2.9.3 TensorFlow version 2.8.4 Description: The issue occurs when ops with specified input sizes receive a differing number of inputs, causing the executor to cras...
PT-2022-6453 · Adobe · Dimension
Name of the Vulnerable Software and Affected Versions: Adobe Dimension versions 3.4.7 and earlier Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as...
PT-2022-35085 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue concerns an error handling path in the da7219_register_dai_clks function. It was introduced in version v5.10 and fixed in version v6.0.3. The actual impact and attack plausibility...
PT-2022-35268 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue concerns an out-of-bounds read in the adp5061_get_chg_type function. This problem has been identified but its actual impact and potential for attack have not been confirmed...
PT-2022-35634 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.118 Description: The issue is related to a potential security vulnerability in the Linux Kernel, specifically in the drm/amdkfd component. The actual impact and attack plausibility have not yet been proven...
PT-2022-35622 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.220 Description: A potential memory leak was identified in the rtw_init_cmd_priv function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prio...
CVE-2022-35921
fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to...
PT-2023-4305 · Google +1 · Google Chrome +1
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 103.0.5060.53 Description: The issue is related to a use after free in the Media component, allowing a remote attacker to perform arbitrary read/write via a crafted HTML page. This can be exploited by a remote...
PT-2022-6878 · Oracle +1 · Virtualbox +1
Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions prior to 6.1.38 Description: The issue is related to insufficient input validation in the PGMPhysRead function of the Core component in Oracle VM VirtualBox. This allows a high-privileged attacker with logon to t...
PT-2021-7681 · Adobe · Dimension
Name of the Vulnerable Software and Affected Versions: Adobe Dimension version 3.4.5 Description: The issue is related to a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where a...
CVE-2021-39199
remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. That is, user input was not sanitized. This means arbitra...
PT-2021-3940 · Adobe · Character Animator
Name of the Vulnerable Software and Affected Versions: Adobe Character Animator versions 4.2 and earlier Description: The issue is caused by a memory corruption vulnerability when parsing a specially crafted file, allowing an unauthenticated attacker to achieve arbitrary code execution in the...
PT-2021-20839 · Zimbra · Zimbra Web Client +1
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.8.0 through 8.8.15 Patch 22 Zimbra Collaboration Suite versions 9.0.0 through 9.0.0 Patch 15 Description: A security issue exists in the login component of Zimbra Web Client, where an attacker can execute...
PT-2021-9833 · Siemens · Sinamics Sl150 +6
Name of the Vulnerable Software and Affected Versions: SIMATIC HMI Comfort Panels incl. SIPLUS variants versions prior to V16 Update 3a SIMATIC HMI KTP Mobile Panels versions prior to V16 Update 3a SINAMICS GH150 all versions SINAMICS GL150 with option X30 all versions SINAMICS GM150 with option...