8234 matches found

CVE
added 2024/01/17 8:11 p.m. | 341 views

CVE-2023-6548

CVE-2023-6548 is a Code Injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway. The issue allows authenticated remote code execution on the management interface (NSIP/CLIP/SNIP) due to improper generation of code, affecting the management plane. Exploitation has been observed in th...

CVSS 8.8 | AI score 8.8 | EPSS 0.03191
In wild | Exploits 0 | References 2 | Affected Software 2

Atlassian
added 2024/01/17 6:46 a.m. | 47 views

Request Smuggling org.apache.tomcat:tomcat-catalina Dependency in Confluence Data Center and Server

This High severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in versions 6.10.0 of Confluence Data Center and Server. This org.apache.tomcat:tomcat-catalina Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 7.1 | EPSS 0.02651
Exploits 0

UbuntuCve
added 2024/01/17 12:0 a.m. | 22 views

CVE-2024-20974

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 4.9 | AI score 6.6 | EPSS 0.00881
Exploits 0 | References 2

Microsoft CVE
added 2024/01/16 8:0 a.m. | 3 views

POLY1305 MAC implementation corrupts vector registers on PowerPC

...

CVSS 6.5 | AI score 6.7 | EPSS 0.02323
Exploits 0

NVD
added 2024/01/16 5:15 a.m. | 18 views

CVE-2024-21673

This High severity Remote Code Execution RCE vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution RCE vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker t...

CVSS 8.8 | AI score 8.2 | EPSS 0.01504
Exploits 0 | References 2

Prion
added 2024/01/16 5:15 a.m. | 20 views

Remote code execution

This High severity Remote Code Execution RCE vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution RCE vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacker ...

CVSS 5 | AI score 7.8 | EPSS 0.01768
Exploits 0 | References 2 | Affected Software 2

Prion
added 2024/01/16 5:15 a.m. | 20 views

Remote code execution

This High severity Remote Code Execution RCE vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution RCE vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker t...

CVSS 4.3 | AI score 7.5 | EPSS 0.01504
Exploits 0 | References 2 | Affected Software 2

Cvelist
added 2024/01/16 5:0 a.m. | 28 views

CVE-2024-21673

This High severity Remote Code Execution RCE vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution RCE vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker t...

CVSS 8 | AI score 9 | EPSS 0.01504
Exploits 0 | References 1

Cvelist
added 2024/01/16 5:0 a.m. | 30 views

CVE-2024-21674

This High severity Remote Code Execution RCE vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution RCE vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacker ...

CVSS 8.6 | AI score 8.2 | EPSS 0.01768
Exploits 0 | References 1

Vulnrichment
added 2024/01/16 5:0 a.m. | 11 views

CVE-2024-21673

This High severity Remote Code Execution RCE vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution RCE vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker t...

CVSS 8 | AI score 7.2 | EPSS 0.01504
Exploits 0 | References 1

Cvelist
added 2024/01/16 5:0 a.m. | 25 views

CVE-2024-21672

This High severity Remote Code Execution RCE vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution RCE vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated attacker t...

CVSS 8.3 | AI score 9.2 | EPSS 0.01363
Exploits 0 | References 1

CVE
added 2024/01/16 5:0 a.m. | 71 views

CVE-2024-21674

CVE-2024-21674 affects Atlassian Confluence Data Center and Server, introduced in 7.13.0, enabling unauthenticated remote code execution (RCE) with high confidentiality impact (CVSSv3.0: 8.6, AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). Upgraded fixed versions are 7.19.18+, 8.5.5+, or 8.7.2+ (recommend ...

CVSS 8.6 | AI score 8 | EPSS 0.01768
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2024/01/16 12:0 a.m. | 4 views

Webkul Software Bagisto Security Vulnerability

Webkul Software Bagisto is an open source e-commerce framework from Indian company Webkul Software. A security vulnerability exists in Webkul Software Bagisto v.1.5.0 and earlier versions, which stems from a cross-site scripting vulnerability that allows an attacker to execute arbitrary code via ...

CVSS 4.8 | AI score 6.7 | EPSS 0.0061
Exploits 1 | References 4

Atlassian
added 2024/01/15 7:45 a.m. | 38 views

RCE (Remote Code Execution) in Confluence Data Center and Server

This High severity Remote Code Execution RCE vulnerability was introduced in version 1.0 of Confluence Data Center and Server. Remote Code Execution RCE vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker to...

CVSS 8.8 | AI score 7.6 | EPSS 0.01504
Exploits 0

Atlassian
added 2024/01/15 6:52 a.m. | 37 views

RCE (Remote Code Execution) in Confluence Data Center and Server

This High severity Remote Code Execution RCE vulnerability was introduced in version 2.1 of Confluence Data Center and Server. Remote Code Execution RCE vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated attacker to...

CVSS 8.8 | AI score 7.8 | EPSS 0.01363
Exploits 0

OSV
added 2024/01/12 9:15 p.m. | 0 views

UBUNTU-CVE-2023-51698

Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CB...

CVSS 9.6 | AI score 7.2 | EPSS 0.0234
Exploits 2 | References 5

CNNVD
added 2024/01/11 12:0 a.m. | 3 views

PHPJabbers Cleaning Business Software Cross-Site Scripting Vulnerability

PHPJabbers Cleaning Business Software is a cleaning reservation software from PHPJabbers Serbia. PHPJabbers Cleaning Business Software suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to perform cross-site scripting attacks...

CVSS 5.4 | AI score 6.2 | EPSS 0.00339
Exploits 2 | References 4

Tenable Nessus
added 2024/01/11 12:0 a.m. | 37 views

FreeBSD : OpenSSL -- Vector register corruption on PowerPC (8337251b-b07b-11ee-b0d7-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8337251b-b07b-11ee-b0d7-84a93843eb75 advisory. - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might...

CVSS 6.5 | AI score 6.9 | EPSS 0.02323
Exploits 0 | References 3

Vulnrichment
added 2024/01/10 4:3 p.m. | 12 views

CVE-2023-45139 fonttools XML External Entity Injection (XXE) Vulnerability

fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to...

CVSS 7.5 | AI score 7.7 | EPSS 0.01228
Exploits 1 | References 6

RedhatCVE
added 2024/01/10 5:31 a.m. | 89 views

CVE-2023-6129

A flaw was found in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate t...

CVSS 6.5 | AI score 6.9 | EPSS 0.02323
Exploits 0 | References 5