Lucene search
8231 matches found

Positive Technologies
added 2023/06/16 12:0 a.m. · 4 views

PT-2023-25030 · Bludit · Bludit

Name of the Vulnerable Software and Affected Versions: Bludit version 3.14.1
Description: The issue allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file in the /admin/new-content component. This is possible due to an arbitrary file upload vulnerability. It's...

CVSS 5.4 · AI score 7.1 · EPSS 0.00804
Exploits 2 · References 10
CNNVD
added 2023/06/16 12:0 a.m. · 2 views

Bludit Code Issue Vulnerability

Bludit is an open source lightweight blog content management system (CMS). A code issue vulnerability exists in Bludit v3.14.1, which stems from an arbitrary file upload vulnerability in the component /admin/new-content that allows an attacker to execute arbitrary web script or HTML by uploading a...

CVSS 5.4 · AI score 6.1 · EPSS 0.00804
Exploits 2 · References 4
BDU FSTEC
added 2023/06/16 12:0 a.m. · 6 views

The vulnerability of the AES encryption algorithm implementation in TP-Link Tapo C200 IP cameras’ microprogramming software allows an intruder to gain unauthorized access to protected information.

The vulnerability of the AES encryption algorithm implemented in TP-Link Tapo C200 IP cameras relates to the repetition of character sequences in the encrypted text due to incorrect processing of the initialization vector. Exploiting this vulnerability can allow an intruder to gain unauthorized...

CVSS 5.3 · AI score 5.5 · EPSS 0.00419
Exploits 1 · References 3
OSV
added 2023/06/15 8:15 p.m. · 3 views

CVE-2023-2747

The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized...

CVSS 5.5 · AI score 5.8 · EPSS 0.00164
Exploits 0 · References 2
NVD
added 2023/06/15 8:15 p.m. · 21 views

CVE-2023-2747

The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized...

CVSS 5.5 · AI score 4.4 · EPSS 0.00164
Exploits 0 · References 2
Prion
added 2023/06/15 8:15 p.m. · 16 views

Design/Logic Flaw

The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized...

CVSS 1.7 · AI score 5.5 · EPSS 0.00164
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/06/15 7:49 p.m. · 25 views

CVE-2023-2747 Uninitialized IV in Silicon Labs SE FW v2.0.0 through v2.2.1 for internally stored data

The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized...

CVSS 3.1 · AI score 5.7 · EPSS 0.00164
Exploits 0 · References 2
CVE
added 2023/06/15 7:49 p.m. · 64 views

CVE-2023-2747

The CVE-2023-2747 issue concerns an uninitialized initialization vector (IV) used by the Secure Engine (SE) to encrypt data stored in SE flash memory, impacting Silicon Labs Gecko SDK/SE firmware. Concrete details from connected documents indicate the affected firmware range is Gecko SE firmware ...

CVSS 5.5 · AI score 4.4 · EPSS 0.00164
Exploits 0 · References 2 · Affected Software 1
RedHat Linux
added 2023/06/15 3:23 p.m. · 3 views

mina-sshd: Java unsafe deserialization vulnerability

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server...

CVSS 9.8 · AI score 6.8 · EPSS 0.03571
Exploits 1 · References 5
NVD
added 2023/06/15 8:15 a.m. · 13 views

CVE-2023-2847

During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied th...

CVSS 7.8 · AI score 7.9 · EPSS 0.00148
Exploits 0 · References 1
CNNVD
added 2023/06/15 12:0 a.m. · 3 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by an attacker to cause local information to be disclosed without additional execute privileges...

CVSS 5.5 · AI score 6.5 · EPSS 0.00103
Exploits 0 · References 2
Zero Day Initiative
added 2023/06/15 12:0 a.m. · 18 views

(0Day) Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

CVSS 7.8 · AI score 6.8 · EPSS 0.00425
Exploits 0
Positive Technologies
added 2023/06/15 12:0 a.m. · 5 views

PT-2023-21148 · Silabs.Com +1 · Gsdk +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned.
Description: The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. This issue affects the encryption process, potentially...

CVSS 5.5 · AI score 6.8 · EPSS 0.00164
Exploits 0 · References 4
CNNVD
added 2023/06/15 12:0 a.m. · 19 views

IBM PowerVM Hypervisor Security Vulnerability

IBM PowerVM Hypervisor is an application from International Business Machines (IBM), Inc. Providing a secure and scalable virtualized environment, these applications are built on the advanced RAS capabilities and leading performance of the Power Systems platform. An information disclosure...

CVSS 7.5 · AI score 6 · EPSS 0.00626
Exploits 0 · References 3
IBM Security Bulletins
added 2023/06/14 12:30 p.m. · 37 views

Security Bulletin: A vulnerability in Certifi package may affect IBM Storage Scale (CVE-2022-23491)

Summary A vulnerability in Certifi package may affect the IBM Storage Scale call home feature. Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: An unspecified error in with TrustCor's ownership also operated a business that produced spyware in Certifi has an unknown impact and attack vecto...

CVSS 7.5 · AI score 6.8 · EPSS 0.00535
Exploits 0 · Affected Software 1
ATTACKERKB
added 2023/06/13 9:15 p.m. · 3 views

CVE-2023-34944

An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11. up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file...

CVSS 9.8 · AI score 6.2 · EPSS 0.01092
Exploits 0 · References 5
CNNVD
added 2023/06/13 12:0 a.m. · 4 views

Chamilo LMS Code Issue Vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS versions 1.11.0 through 1.11.1...

CVSS 9.8 · AI score 8.8 · EPSS 0.01092
Exploits 0 · References 5
CNNVD
added 2023/06/13 12:0 a.m. · 4 views

Synology DiskStation Manager Security Feature Issue Vulnerability

Synology DiskStation Manager (DSM) is an operating system for use on Network Storage Servers (NAS) from Synology, a Chinese company. This operating system manages information such as data, files, photos, music, and more. A security feature issue vulnerability exists in Synology DiskStation Manager...

CVSS 7.5 · AI score 7.7 · EPSS 0.00875
Exploits 0 · References 3
GitLab Advisory Database
added 2023/06/09 12:0 a.m. · 15 views

Vapor's Metrics integration could cause a system drain

This is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app with the following attack vector: 1. send unlimited requests against a vapor instance with different paths. this will create “unlimited” counters and timers, which will eventually drain the system. 2...

CVSS 5.3 · AI score 6.8 · EPSS 0.01625
Exploits 0 · References 7 · Affected Software 1
OSV
added 2023/06/08 9:15 p.m. · 0 views

UBUNTU-CVE-2023-29401

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...

CVSS 4.3 · AI score 6.7 · EPSS 0.00482
Exploits 2 · References 7