157 matches found
PT-2023-29699 · Wagtail · Wagtail
Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 4.1.8 Wagtail versions prior to 5.0.5 Wagtail versions prior to 5.1.3 Description: A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bu...
SUSE CVE-2023-45148
Nextcloud is an open source home cloud server. When Memcached is used as memcache.distributed the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgra...
PT-2023-5833 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 2.28.19 JumpServer versions prior to 3.6.5 Description: The issue is related to the exposure of the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, whi...
PT-2023-5115 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.4 through 2.6.14 Argo CD versions 2.7 through 2.7.13 Argo CD versions 2.8 through 2.8.2 Description: The Argo CD repo-server component is vulnerable to a Denial-of-Service attack vector. This vulnerability occurs because th...
AZL-37359 CVE-2023-39533 affecting package golang for versions less than 1.21.6-1
go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in th...
PT-2023-24516 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 8.10 through 16.0.7 GitLab versions 16.1 through 16.1.2 GitLab versions 16.2 through 16.2.1 Description: An issue has been discovered in GitLab where a user importing a project 'from export' could access and read unrelated fil...
PT-2023-4688 · Qt Company +8 · Qt +8
Name of the Vulnerable Software and Affected Versions: Qt versions prior to 5.15.15 Qt versions 6.x prior to 6.2.10 Qt versions 6.3.x through 6.5.x prior to 6.5.3 Description: The issue is related to infinite loops in recursive entity expansion, which can lead to a denial of service. This can be...
PT-2023-16319 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.4 through 15.10.7 GitLab CE/EE versions 15.11 through 15.11.6 GitLab CE/EE versions 16.0 through 16.0.1 Description: An issue has been discovered in GitLab CE/EE where open redirection was possible via HTTP response...
Acceptance of Extraneous Untrusted Data With Trusted Data
Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Acceptance of Extraneous Untrusted Data With Trusted Data through the processing of shortcodes in user-generated content. An attacker can manipulate...
PT-2023-2918 · Mitel · Mitel Mivoice Connect
Name of the Vulnerable Software and Affected Versions: Mitel MiVoice Connect versions through 19.3 SP2 Mitel MiVoice Connect versions 20.x Mitel MiVoice Connect versions 21.x Mitel MiVoice Connect versions 22.x through 22.24.1500.0 Description: The issue is related to insufficient validation for...
PT-2023-23172 · Unknown · Dhis2 Core
Name of the Vulnerable Software and Affected Versions: DHIS2 Core versions prior to 2.37.9.1 DHIS2 Core versions prior to 2.38.3.1 DHIS2 Core versions prior to 2.39.1.2 Description: DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in th...
SUSE CVE-2023-30539
Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit access of others or being able to grant them access when there are system tag based files access control or files retention rules. It is recommended that the Nextcloud Serv...
PT-2023-21233 · Cilium +1 · Cilium +1
Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.11.15 Cilium versions prior to 1.12.8 Cilium versions prior to 1.13.1 Description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with access to a Cilium agent...
PT-2023-19853 · Hashicorp +1 · Hashicorp Vault +2
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions prior to 1.10.11 HashiCorp Vault and Vault Enterprise versions prior to 1.11.8 HashiCorp Vault and Vault Enterprise versions prior to 1.12.4 HashiCorp Vault and Vault Enterprise versions prior to...
PT-2023-20664 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 1.3-rc-1 through 13.10.10 XWiki Platform versions 14.4.0 through 14.4.6 XWiki Platform versions 14.10.0 Description: XWiki Platform is a generic wiki platform where any user with edit right can execute arbitrary databa...
PT-2023-16326 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.0 through 15.6.7 GitLab CE/EE versions 15.7 through 15.7.6 GitLab CE/EE versions 15.8 through 15.8.1 Description: An issue has been discovered in GitLab CE/EE that allows a DoS attack to be triggered by uploading a...
PT-2023-19941 · Wings · Wings
Name of the Vulnerable Software and Affected Versions: Wings versions prior to v1.11.3 Wings versions prior to v1.7.3 Description: The vulnerability in Wings allows attackers to create new files and directory structures on the host system, potentially enabling them to change resource allocations,...
PT-2022-28061 · Typo3 · Fp Newsletter
Name of the Vulnerable Software and Affected Versions: fp newsletter extension versions prior to 1.1.1 fp newsletter extension version 1.2.0 fp newsletter extension versions 2.x prior to 2.1.2 fp newsletter extension versions 2.2.1 through 2.4.0 fp newsletter extension versions 3.x prior to 3.2.6...
PT-2022-26178 · Dhis2 · Dhis2
Name of the Vulnerable Software and Affected Versions: DHIS2 versions prior to 2.36.12.1 DHIS2 versions prior to 2.37.8.1 DHIS2 versions prior to 2.38.2.1 DHIS2 versions prior to 2.39.0.1 Description: DHIS 2 is an open source information system for data capture, management, validation, analytics...
PT-2022-26166 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.6RC1 XWiki Platform versions prior to 13.10.8 XWiki Platform versions prior to 14.4.3 Description: The issue allows users without the right to view documents to deduce their existence by repeated Livetable...