
772 matches found

CNNVD
added 2024/11/22 12:0 a.m. | 2 views

QNAP Systems Notes Station security vulnerability

QNAP Notes Station 3 is private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. QNAP Notes Station 3 suffers from a missing authentication vulnerability that stems from the inclusion of ...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.00914
Exploits: 0 | References: 1
CBLMariner
added 2024/11/19 9:24 p.m. | 11 views

CVE-2024-52531 affecting package libsoup for versions less than 3.0.4-2

CVE-2024-52531 affecting package libsoup for versions less than 3.0.4-2. A patched version of the package is available...

CVSS: 8.4 | AI score: 7 | EPSS: 0.00679
Exploits: 1
Vulnrichment
added 2024/11/15 4:35 p.m. | 18 views

CVE-2024-52523 Nextcloud Server Custom defined credentials of external storages are sent back to the frontend

Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fixed credentials, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active sessi...

CVSS: 4.6 | AI score: 7 | EPSS: 0.0063
Exploits: 0 | References: 3
OSV
added 2024/11/15 4:15 p.m. | 2 views

CVE-2022-20931

A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version control. An attacker could...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00266
Exploits: 0 | References: 1
NVD
added 2024/11/15 4:15 p.m. | 13 views

CVE-2022-20931

A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version control. An attacker could...

CVSS: 6.5 | EPSS: 0.00266
Exploits: 0 | References: 1
Cvelist
added 2024/11/15 3:30 p.m. | 11 views

CVE-2022-20931 Cisco Touch 10 Device Downgrade Attack Vulnerability

A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version control. An attacker could...

CVSS: 6.5 | EPSS: 0.00266
Exploits: 0 | References: 1
CBLMariner
added 2024/11/08 9:38 p.m. | 6 views

CVE-2024-47756 affecting package kernel for versions less than 6.6.56.1-5

CVE-2024-47756 affecting package kernel for versions less than 6.6.56.1-5. An upgraded version of the package is available that resolves this issue...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00219
Exploits: 0
OSV
added 2024/10/28 7:7 p.m. | 2 views

CLSA-2024-1730142448 python-setuptools: Fix of CVE-2024-6345

CVE-2024-6345: modernize packageindex VCS handling...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.0183
Exploits: 0 | References: 1
RedhatCVE
added 2024/10/11 8:55 a.m. | 26 views

CVE-2024-9180

A flaw was found in HashiCorp Vault. This vulnerability allows a privileged Vault operator with write permissions to the root namespace's identity endpoint to escalate their privileges to Vault’s root policy...

CVSS: 7.2 | AI score: 6.9 | EPSS: 0.00528
Exploits: 0 | References: 4
Veracode
added 2024/10/07 10:21 a.m. | 7 views

Cross Site Scripting (XSS)

Decidim is vulnerable to cross-site scripting (XSS). The vulnerability is due to XSS through a malformed URL in the version control feature used in resources, which allows an attacker to exploit XSS...

CVSS: 7.1 | AI score: 5.5 | EPSS: 0.00394
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2024/10/01 6:14 p.m. | 6 views

GHSA-CC4G-M3G7-XMW8 Decidim has a cross-site scripting vulnerability in the version control page

Impact: The version control feature used in resources is subject to a potential cross-site scripting (XSS) attack through a malformed URL. Workarounds: Not available. References: OWASP ASVS v4.0.3-5.1.3. Credits: This issue was discovered in a security audit organized by Open Source Politics against Decidi...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00394
Exploits: 0 | References: 5
Github Security Blog
added 2024/10/01 6:14 p.m. | 21 views

Decidim has a cross-site scripting vulnerability in the version control page

Impact: The version control feature used in resources is subject to a potential cross-site scripting (XSS) attack through a malformed URL. Workarounds: Not available. References: OWASP ASVS v4.0.3-5.1.3. Credits: This issue was discovered in a security audit organized by Open Source Politics against Decidi...

CVSS: 7.1 | AI score: 5.9 | EPSS: 0.00394
Exploits: 0 | References: 5 | Affected Software: 1
Snyk
added 2024/10/01 3:42 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the version control feature due to improper user input sanitization. An attacker can manipulate the output of the page by injecting malicious scripts through a malformed URL. Details: Cross-site scripting...

CVSS: 7.1 | AI score: 5.3 | EPSS: 0.00394
Exploits: 0 | References: 2
Snyk
added 2024/10/01 3:42 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the version control feature due to improper user input sanitization. An attacker can manipulate the output of the page by injecting malicious scripts through a malformed URL. Details: Cross-site scripting...

CVSS: 7.1 | AI score: 5.3 | EPSS: 0.00394
Exploits: 0 | References: 2
Snyk
added 2024/10/01 3:42 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the version control feature due to improper user input sanitization. An attacker can manipulate the output of the page by injecting malicious scripts through a malformed URL. Details: Cross-site scripting...

CVSS: 7.1 | AI score: 5.3 | EPSS: 0.00394
Exploits: 0 | References: 2
Snyk
added 2024/10/01 3:42 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the version control feature due to improper user input sanitization. An attacker can manipulate the output of the page by injecting malicious scripts through a malformed URL. Details: Cross-site scripting...

CVSS: 7.1 | AI score: 5.3 | EPSS: 0.00394
Exploits: 0 | References: 2
Snyk
added 2024/10/01 3:42 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the version control feature due to improper user input sanitization. An attacker can manipulate the output of the page by injecting malicious scripts through a malformed URL. Details: Cross-site scripting...

CVSS: 7.1 | AI score: 5.3 | EPSS: 0.00394
Exploits: 0 | References: 2
Snyk
added 2024/10/01 3:42 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the version control feature due to improper user input sanitization. An attacker can manipulate the output of the page by injecting malicious scripts through a malformed URL. Details: Cross-site scripting...

CVSS: 7.1 | AI score: 5.3 | EPSS: 0.00394
Exploits: 0 | References: 2
Snyk
added 2024/10/01 3:42 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the version control feature due to improper user input sanitization. An attacker can manipulate the output of the page by injecting malicious scripts through a malformed URL. Details: Cross-site scripting...

CVSS: 7.1 | AI score: 5.3 | EPSS: 0.00394
Exploits: 0 | References: 2
Vulnrichment
added 2024/10/01 2:58 p.m. | 10 views

CVE-2024-41673 Decidim has a cross-site scripting vulnerability in the version control page

Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8...

CVSS: 7.1 | AI score: 6 | EPSS: 0.00394
Exploits: 0 | References: 2