CVE-2022-4132

CVE-2022-4132 affects JSS. A memory leak in JSS can be triggered by non-standard configuration, creating a low-effort DoS vector by repeatedly hitting the login page. The available documents describe the issue and its impact but do not provide concrete patch versions, vendor remediation steps, or...

CVE-2022-4132 Memory leak on tls connections

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way repeatedly hitting the login page...

Personal Management System Code Issue Vulnerability

Personal Management System is a web application for managing personal data by Dariusz Personal Developer. A code issue vulnerability exists in Personal Management System v1.4.64, which stems from an arbitrary file upload vulnerability. The vulnerability can be exploited to execute arbitrary code ...

PT-2023-29009 · Unknown · Prison Management System

Name of the Vulnerable Software and Affected Versions: Personal Management System version 1.4.64 Description: The issue allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar. Recommendations: For Personal Management System version 1.4.64, conside...

PT-2023-29225 · Unknown · Sanitize-Html

Name of the Vulnerable Software and Affected Versions: HtmlSanitizer versions prior to 8.0.723 HtmlSanitizer version 8.1.722-beta and earlier Description: The issue occurs in configurations where foreign content is allowed, specifically when svg or math are in the list of allowed elements. This...

Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement

Microsoft security researchers recently identified a campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance. This attack technique demonstrates an approach weve seen in other cloud services such as VMs and Kubernetes cluster, but not in SQL Serve...

PT-2023-28944 · Unknown · Oscommerce

Name of the Vulnerable Software and Affected Versions: Os Commerce affected versions not specified Description: The issue is a Cross-Site Scripting XSS vulnerability that allows attackers to inject JavaScript through the derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription1name parameter,...

CVE-2023-44216

PVRIC PowerVR Image Compression on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately...

UBUNTU-CVE-2023-44216

PVRIC PowerVR Image Compression on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately...

CVE-2023-34576

SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector...

PYSEC-2023-311

plone.namedfile allows users to handle File and Image fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by...

Plone Cross-Site Scripting Vulnerability

Plone is an open source content management system CMS built on the Zope application server. A cross-site scripting vulnerability exists in versions prior to plone.namedfile 5.6.1, 6.0.3, 6.1.3, and 6.2.1, which stems from a security issue with SVG images that was not fully fixed by previous...

Zope Security Vulnerability

Zope is a set of object-oriented, open source web application servers written in the Python language by the Zope community. A security vulnerability exists in Zope that stems from a stored cross-site scripting vulnerability XSS vulnerability in SVG images. The vulnerability can be exploited to...

GHSA-6QJF-7G3J-QX25 Neos CMS Cross Site Scripting vulnerability

Cross Site Scripting XSS vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file uploaded to the neos/management/media component. To make use of this attack vector, the attacker must either be able to upload a maliciously crafted fil...

Neos CMS Cross Site Scripting vulnerability

Cross Site Scripting XSS vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file uploaded to the neos/management/media component. To make use of this attack vector, the attacker must either be able to upload a maliciously crafted fil...

CVE-2023-37611

Cross Site Scripting XSS vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component...

Neos CMS Cross-Site Scripting Vulnerability

Neos CMS is an open source CMS software from Neos. A security vulnerability exists in Neos CMS version 8.3.3, which stems from the presence of a stored cross-site scripting XSS vulnerability. The vulnerability can be exploited by an attacker to execute arbitrary code by designing SVG files...

QNAP QTS Command Injection Vulnerability (QSA-23-18)

QNAP QTS is prone to a command injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; ifdescription...

QNAP QTS Multiple Vulnerabilities (QSA-23-19, QSA-23-21)

QNAP QTS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; ifdescription...

CVE-2023-4785

A flaw was found in gRPC. Lack of error handling in the TCP server in Google's gRPC, starting in version 1.23 on POSIX-compatible platforms for example, Linux, allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++,...