7821 matches found

Code423n4
added 2023/11/29 12:0 a.m. · 8 views

Interface improperly implemented

Lines of code 34, 34, 34, 34, 30, 31, 32, 34, 35, 38 https://github.com/Tapioca-DAO/tapioca-yieldbox-strategies-audi...

7.1 AI score
Exploits 0

Positive Technologies
added 2023/11/29 12:0 a.m. · 5 views

PT-2023-7562 · Joomla · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla affected versions not specified Description: The issue is related to the language file parsing process, which could be manipulated to expose environment variables. These environment variables might contain sensitive information. The...

7.8 CVSS · 6.9 AI score · 0.00811 EPSS
Exploits 0 · References 16

VulnCheck KEV
added 2023/11/27 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2021-41569

SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library included by default in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro...

7.5 CVSS · 7.1 AI score · 0.07845 EPSS
Exploits 1 · References 1

OSV
added 2023/11/21 10:15 p.m. · 5 views

CVE-2023-49103

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

7.5 CVSS · 5.9 AI score · 0.78428 EPSS
Exploits 5 · References 3

CNNVD
added 2023/11/21 12:0 a.m. · 3 views

ownCloud Security Breach

ownCloud is a suite of personal cloud storage solutions from the US-based company ownCloud. A security vulnerability exists in ownCloud graphapi versions prior to 0.2.1, 0.3.1 and 0.3.1. The vulnerability stems from the fact that the graphapi application relies on the third-party GetPhpInfo.php...

10 CVSS · 6.5 AI score · 0.78428 EPSS
Exploits 5 · References 3

ATTACKERKB
added 2023/11/21 12:0 a.m. · 41 views

CVE-2023-49103

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

10 CVSS · 8.4 AI score · 0.78428 EPSS
In wild · Exploits 5 · References 6

Positive Technologies
added 2023/11/21 12:0 a.m. · 7 views

PT-2023-7082

Name of the Vulnerable Software and Affected Versions ownCloud owncloud/graphapi versions 0.2.x through 0.2.0 and versions 0.3.x through 0.3.0 Description The issue is related to the graphapi app in ownCloud, which relies on a third-party GetPhpInfo.php library. This library provides a URL that,...

10 CVSS · 8.1 AI score · 0.78428 EPSS
Exploits 5 · References 93

OSV
added 2023/11/20 9:15 p.m. · 4 views

CVE-2023-6062

An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition...

6.5 CVSS · 5.9 AI score · 0.01034 EPSS
Exploits 0 · References 2

OSV
added 2023/11/20 9:15 p.m. · 5 views

CVE-2023-6178

An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition...

6.5 CVSS · 5.9 AI score · 0.00826 EPSS
Exploits 0 · References 1

CNNVD
added 2023/11/17 12:0 a.m. · 4 views

Nessus Buffer Error Vulnerability

Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security, USA. A security vulnerability exists in Nessus 10.6.2 and earlier versions that originated from a vulnerability that allows an attacker with administrator privileges to change Nessus rule...

6.8 CVSS · 6.7 AI score · 0.01034 EPSS
Exploits 0 · References 5

Positive Technologies
added 2023/11/16 12:0 a.m. · 5 views

PT-2023-7204 · Nessus · Nessus

Name of the Vulnerable Software and Affected Versions: Nessus affected versions not specified Description: The issue is related to an arbitrary file write vulnerability. An authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to...

6.8 CVSS · 6.5 AI score · 0.01034 EPSS
Exploits 0 · References 6

OSV
added 2023/11/15 8:15 a.m. · 6 views

CVE-2023-46672

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: Logstash is configured to log in JSON format...

5.5 CVSS · 6.2 AI score
Exploits 0 · References 4

Elastic
added 2023/11/15 6:29 a.m. · 8 views

Logstash 8.11.1 Security Update (ESA-2023-26)

Logstash Insertion of Sensitive Information into Log File ESA-2023-26 An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: Logstash is configured to log in JSON format...

8.4 CVSS · 6.5 AI score · 0.00338 EPSS
Exploits 0

RedHat Linux
added 2023/11/14 3:46 p.m. · 1 views

kernel: drm/gud: Fix UBSAN warning

A flaw was found in the GUD Generic USB Display driver in the Linux kernel. Uninitialized iosys_map variables on the stack contain garbage values in their is_iomem boolean field. When iosys_map_clear checks this field, UBSAN flags it as an invalid boolean value, indicating potential undefined behavio...

7.2 AI score · 0.00166 EPSS
Exploits 0 · References 5

RedHat Linux
added 2023/11/14 3:46 p.m. · 2 views

kernel: cipso: Fix data-races around sysctl.

In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE to avoid data-races...

4.7 CVSS · 6.3 AI score · 0.00163 EPSS
Exploits 0 · References 5

CISA KEV Catalog
added 2023/11/13 12:0 a.m. · 43 views

Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability

Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment variable. Using a crafted request, which sets the variable PHPRC, an attacker is able to modify the P...

9.8 CVSS · 7.6 AI score · 0.93546 EPSS
In wild · Exploits 25

CISA KEV Catalog
added 2023/11/13 12:0 a.m. · 51 views

Juniper Junos OS EX Series PHP External Variable Modification Vulnerability

Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables, leading to...

5.3 CVSS · 7.2 AI score · 0.89628 EPSS
In wild · Exploits 7

Tenable Nessus
added 2023/11/13 12:0 a.m. · 21 views

GitLab 11.6 < 16.3.6 / 16.4 < 16.4.2 / 16.5 < 16.5.1 (CVE-2023-3399)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was...

8.5 CVSS · 7.5 AI score · 0.00452 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/11/11 12:0 a.m. · 10 views

PT-2023-9434 · Google +2 · Google Chrome +3

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 123.0.6312.58 Description: The issue is related to the use of uninitialized variables in the V8 JavaScript engine of Google Chrome. This could allow a remote attacker to perform out of bounds memory access via ...

10 CVSS · 6.5 AI score · 0.19883 EPSS
Exploits 9 · References 55

Oracle linux
added 2023/11/11 12:0 a.m. · 98 views

ncurses security and bug fix update

6.2-10.20210508 - ignore TERMINFO and HOME only if setuid/setgid/capability 2211666 6.2-9.20210508 - fix buffer overflow on terminfo with too many capabilities CVE-2023-29491 - ignore TERMINFO and HOME environment variables if running as root 2211666...

7.8 CVSS · 8.1 AI score · 0.00923 EPSS
Exploits 1