2127 matches found

Tenable Nessus
added 2024/01/02 12:00 a.m. · 32 views

GitLab < 15.5.9 (CRITICAL-SECURITY-RELEASE-GITLAB-15-7-5-RELEASED)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Git is a distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst...

CVSS 9.8 · AI score 8.6 · EPSS 0.56334
Exploits 0 · References 3
Positive Technologies
added 2023/12/19 12:00 a.m. · 5 views

PT-2023-30931 · Unknown · Quantumcloud Chatbot

Name of the Vulnerable Software and Affected Versions: QuantumCloud AI ChatBot versions through 4.7.8 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection. This allows for potential exploitation of the QuantumCloud...

CVSS 7.6 · AI score 7.4 · EPSS 0.00725
Exploits 0 · References 7
Positive Technologies
added 2023/12/18 12:00 a.m. · 3 views

PT-2023-30947 · Svgator · Svgator

Name of the Vulnerable Software and Affected Versions: SVGator – Add Animated SVG Easily versions 1.2.4 and earlier Description: A Cross-Site Request Forgery (CSRF) issue has been identified. This type of issue allows an attacker to trick a user into performing unintended actions on a web applicati...

CVSS 8.8 · AI score 8.7 · EPSS 0.00272
Exploits 0 · References 3
Amazon
added 2023/12/14 12:00 a.m. · 2 views

Low: vim

Issue Overview: Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit 25aabc2b which has been included in...

CVSS 4.3 · AI score 6.8 · EPSS 0.00749
Exploits 0
Positive Technologies
added 2023/12/13 12:00 a.m. · 8 views

PT-2023-30416 · Unknown · Silverpeas Core

Name of the Vulnerable Software and Affected Versions: Silverpeas Core version 6.3.1 Description: The notification/messaging feature does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users, including those sent only to...

CVSS 7.5 · AI score 6.5 · EPSS 0.00786
Exploits 1 · References 12
Elastic
added 2023/12/12 4:57 p.m. · 5 views

Elasticsearch 8.11.2, 7.17.16 Security Update (ESA-2023-29)

Elasticsearch Insertion of Sensitive Information into Log File (ESA-2023-29) An issue was discovered by Elastic whereby the Watcher search input logged the search query results at the DEBUG log level. This could lead to the raw contents of documents stored in Elasticsearch being printed in logs. Elastic has...

CVSS 6.5 · AI score 6.6 · EPSS 0.00464
Exploits 0
Positive Technologies
added 2023/12/10 12:00 a.m. · 4 views

PT-2023-31555 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: JFinalCMS version 5.0.0 Description: The issue allows a remote attacker to read files via ../ Directory Traversal in the "/common/down/file" fileKey parameter. This could potentially lead to unauthorized access to sensitive information...

CVSS 7.5 · AI score 7.2 · EPSS 0.01213
Exploits 1 · References 9
Positive Technologies
added 2023/12/08 12:00 a.m. · 5 views

PT-2023-22021 · Ncp · Ncp Secure Enterprise Client

Name of the Vulnerable Software and Affected Versions: NCP Secure Enterprise Client versions prior to 12.22 Description: The issue allows attackers to read registry information of the operating system by creating a symbolic link. This is possible due to a flaw in the Support Assistant component o...

CVSS 4.3 · AI score 4.3 · EPSS 0.00594
Exploits 1 · References 5
SUSE CVE
added 2023/12/06 2:04 a.m. · 2 views

SUSE CVE-2023-47106

Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path...

CVSS 6.5 · AI score 7.2 · EPSS 0.00625
Exploits 1 · References 3
SUSE CVE
added 2023/12/06 2:04 a.m. · 1 view

SUSE CVE-2023-47633

Traefik is an open source HTTP reverse proxy and load balancer. The Traefik Docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions...

CVSS 7.5 · AI score 7.2 · EPSS 0.01269
Exploits 1 · References 3
OSV
added 2023/12/05 9:15 p.m. · 5 views

PYSEC-2023-291

PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserialization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, o...

CVSS 7.8 · AI score 7.9 · EPSS 0.0051
Exploits 1 · References 4
PyPA
added 2023/12/05 9:15 p.m. · 4 views

PYSEC-2023-291

PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserialization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, o...

CVSS 7.8 · AI score 8.1 · EPSS 0.0051
Exploits 1 · References 5 · Affected Software 1
OSV
added 2023/12/05 12:25 a.m. · 3 views

CVE-2023-48698 Azure RTOS USBX Remote Code Execution Vulnerability

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host...

CVSS 6.8 · AI score 8.2 · EPSS 0.00931
Exploits 0 · References 3
OSV
added 2023/12/05 12:24 a.m. · 2 views

CVE-2023-48692 Azure RTOS NetX Duo Remote Code Execution Vulnerability

Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to icmp,...

CVSS 9 · AI score 8.5 · EPSS 0.03134
Exploits 0 · References 3
OSV
added 2023/12/05 12:24 a.m. · 4 views

CVE-2023-48316 Azure RTOS NetX Duo Remote Code Execution Vulnerability

Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to snmp,...

CVSS 9.8 · AI score 8.5 · EPSS 0.04332
Exploits 0 · References 3
Vulnrichment
added 2023/12/04 11:42 p.m. · 5 views

CVE-2023-49290 Malicious parameters can cause a denial of service in lestrrat-go/jwx

lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's PBES2- algorithm could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...

CVSS 5.3 · AI score 7.2 · EPSS 0.00723
Exploits 1 · References 2
OSV
added 2023/12/04 11:15 p.m. · 0 views

UBUNTU-CVE-2023-49285

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug, Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds fo...

CVSS 8.6 · AI score 7.2 · EPSS 0.88818
Exploits 0 · References 6
OSV
added 2023/12/04 9:15 p.m. · 1 view

DEBIAN-CVE-2023-49080

The Jupyter Server provides the backend, i.e. the core services, APIs, and REST endpoints, for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...

CVSS 4.3 · AI score 4.8 · EPSS 0.00841
Exploits 0 · References 1
Positive Technologies
added 2023/11/30 12:00 a.m. · 2 views

PT-2023-30753 · Nitin Rathod · Wp Forms Puzzle Captcha

Name of the Vulnerable Software and Affected Versions: WP Forms Puzzle Captcha versions n/a through 4.1 Description: A Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS. Recommendations: For WP Forms Puzzle Captcha versions n/a through 4.1,...

CVSS 7.1 · AI score 6.8 · EPSS 0.00207
Exploits 0 · References 6
Positive Technologies
added 2023/11/22 12:00 a.m. · 4 views

PT-2023-32558 · M Files · M-Files Server

Name of the Vulnerable Software and Affected Versions: M-Files server versions prior to 23.11.13156.0 Description: The issue is related to missing access permissions checks in the M-Files server, allowing attackers to perform data write and export jobs using the M-Files API methods...

CVSS 5.3 · AI score 7.2 · EPSS 0.00511
Exploits 0 · References 4