
8234 matches found

RedHat Linux
added 2023/11/28 3:39 p.m. · 4 views

python-certifi: Removal of e-Tugra root certificate

A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector...

CVSS: 9.8 · AI score: 7 · EPSS: 0.00472
Exploits: 0 · References: 4
RedHat Linux
added 2023/11/28 3:32 p.m. · 2 views

python-certifi: Removal of e-Tugra root certificate

A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector...

CVSS: 9.8 · AI score: 7 · EPSS: 0.00472
Exploits: 0 · References: 4
CVE
added 2023/11/28 9:29 a.m. · 38 views

CVE-2023-6151

CVE-2023-6151 affects the ESKOM Computer e-municipality module prior to version 105. The issue stems from the incorrect use of privileged APIs, enabling collection of data provided by users and yielding a high confidentiality impact. Public references in the connected data confirm the affected ...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.00596
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2023/11/27 4:34 p.m. · 63 views

CVE-2023-6329

CVE-2023-6329 affects Control iD iDSecure (v4.7.32.0 and earlier) where iDS-Core.dll’s login routine contains a passwordCustom option that enables an unauthenticated attacker to compute valid credentials and bypass authentication to gain administrative access. The impact is authenticated-remote a...

CVSS: 9.8 · AI score: 9.7 · EPSS: 0.65237
In wild · Exploits: 6 · References: 1 · Affected Software: 1
OSV
added 2023/11/27 4:15 p.m. · 1 views

CVE-2023-41257

A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker...

CVSS: 8.8 · AI score: 5.8 · EPSS: 0.01627
Exploits: 0 · References: 2
OSV
added 2023/11/24 4:54 p.m. · 16 views

GHSA-RQR8-PXH7-CQ3G Ethereum ABI decoder DoS when parsing ZST

With this notification I would like to inform about a DoS vector in the Ethereum ABI decoder. We have not yet found a way to exploit this with high impact, still the bug could potentially lead to a DoS in server systems. Feel free to ask about an extension of the embargo period. Trail of Bits is...

CVSS: 4.3 · AI score: 7
Exploits: 0 · References: 2
ATTACKERKB
added 2023/11/22 10:15 p.m. · 3 views

CVE-2023-49146

DOMSanitizer aka dom-sanitizer before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions...

CVSS: 6.1 · AI score: 5.8 · EPSS: 0.00429
Exploits: 0 · References: 3
Imperva Blog
added 2023/11/22 6:55 p.m. · 7 views

Measures Healthcare Providers Can Take to Mitigate Disruptions

Earlier this month, an internet outage affected public healthcare clusters in Singapore, including major hospitals and polyclinics, lasting more than seven hours from 9:20 am. Investigations identified that a distributed denial-of-service (DDoS) attack was the cause of the online service outage. DD...

AI score: 7.6
Exploits: 0
OSV
added 2023/11/22 7:15 a.m. · 2 views

CVE-2023-29069

A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability...

CVSS: 7.8 · AI score: 5.8 · EPSS: 0.00258
Exploits: 0 · References: 1
Atlassian
added 2023/11/22 2:44 a.m. · 37 views

DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS: 7.5 · AI score: 8.4 · EPSS: 0.01998
Exploits: 0
Positive Technologies
added 2023/11/22 12:0 a.m. · 4 views

PT-2023-31065 · Unknown · Domsanitizer

Name of the Vulnerable Software and Affected Versions: DOMSanitizer versions prior to 1.0.7 Description: The issue arises from the mishandling of comments and the use of greedy regular expressions in SVG documents, leading to a potential XSS attack. Recommendations: For versions prior to 1.0.7,...

CVSS: 6.1 · AI score: 5.9 · EPSS: 0.00429
Exploits: 0 · References: 6
CNNVD
added 2023/11/22 12:0 a.m. · 3 views

DOMSanitizer Security Vulnerability

DOMSanitizer is a DOM (Document Object Model) security operation or filter by Andy Miller, a personal developer. A security vulnerability exists in versions of DOMSanitizer prior to 1.0.7 that stems from mishandling of annotations and greedy regular expressions, allowing cross-site scripting (XSS)...

CVSS: 6.1 · AI score: 5.9 · EPSS: 0.00429
Exploits: 0 · References: 3
BDU FSTEC
added 2023/11/22 12:0 a.m. · 4 views

The vulnerability of the library for working with SVG images in Apache Batik, related to insufficient validation of incoming requests, allows a perpetrator to gain unauthorized access to protected information or cause service failures.

The vulnerability of the Apache Batik SVG-image processing library lies in insufficient validation of incoming requests. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information or cause service failures...

CVSS: 7.1 · AI score: 6.6 · EPSS: 0.00786
Exploits: 0 · References: 7 · Affected Software: 3
RedHat Linux
added 2023/11/21 3:47 p.m. · 2 views

hw: Intel: Gather Data Sampling (GDS) side channel vulnerability

A Gather Data Sampling (GDS) transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical core...

CVSS: 6.5 · AI score: 6.8 · EPSS: 0.03882
Exploits: 1 · References: 6
RedHat Linux
added 2023/11/21 3:12 p.m. · 3 views

hw: Intel: Gather Data Sampling (GDS) side channel vulnerability

A Gather Data Sampling (GDS) transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical core...

CVSS: 6.5 · AI score: 6.8 · EPSS: 0.03882
Exploits: 1 · References: 6
RedHat Linux
added 2023/11/21 11:31 a.m. · 3 views

python-certifi: Removal of e-Tugra root certificate

A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector...

CVSS: 9.8 · AI score: 7 · EPSS: 0.00472
Exploits: 0 · References: 4
RedHat Linux
added 2023/11/21 11:23 a.m. · 3 views

python-certifi: Removal of e-Tugra root certificate

A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector...

CVSS: 9.8 · AI score: 7 · EPSS: 0.00472
Exploits: 0 · References: 4
RedHat Linux
added 2023/11/21 10:27 a.m. · 1 views

hw: Intel: Gather Data Sampling (GDS) side channel vulnerability

A Gather Data Sampling (GDS) transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical core...

CVSS: 6.5 · AI score: 6.8 · EPSS: 0.03882
Exploits: 1 · References: 6
Positive Technologies
added 2023/11/21 12:0 a.m. · 3 views

PT-2023-9698 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 27.1.10; Nextcloud Server versions prior to 28.0.6; Nextcloud Server versions prior to 29.0.1; Nextcloud Enterprise Server versions prior to 24.0.12.15; Nextcloud Enterprise Server versions prior to 25.0.13.10...

CVSS: 6.8 · AI score: 7.1 · EPSS: 0.00652
Exploits: 0 · References: 11
Vulnrichment
added 2023/11/20 6:14 p.m. · 16 views

CVE-2023-48293 XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries

The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allow...

CVSS: 8.8 · AI score: 6.8 · EPSS: 0.00365
Exploits: 0 · References: 3