PT-2023-28073 · Yydevelopment · Back To The Top Button
Name of the Vulnerable Software and Affected Versions: YYDevelopment Back To The Top Button plugin versions = 2.1.5 Description: The issue is a stored cross-site scripting (XSS) vulnerability that requires authentication with admin or higher privileges. Recommendations: For YYDevelopment...
OESA-2023-1700 snappy-java security update
A Java port of Snappy, a fast compressor/decompressor written in C++. Security Fixes: snappy-java is a Java port of Snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data wit...
DEBIAN-CVE-2023-43646
get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (ReDoS) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...
DEBIAN-CVE-2023-42453
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event if they knew the room ID and event ID. Note that the users were not able to view the events, but simply mark them as read. This could be confusing as...
UBUNTU-CVE-2023-41321
GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. An API user can enumerate sensitive field values on resources on which he has read access. Users are...
PYSEC-2023-185
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as...
PYSEC-2023-180
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event if they knew the room ID and event ID. Note that the users were not able to view the events, but simply mark them as read. This could be confusing as...
DEBIAN-CVE-2023-43642
snappy-java is a Java port of Snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to a missing upper bound check on chunk length, an unrecoverab...
PT-2023-5604 · D Link · D-Link Dar-8000 +1
Name of the Vulnerable Software and Affected Versions: D-Link DAR-7000 and DAR-8000 up to 20151231 Description: A critical vulnerability affects the file /Tool/uploadfile.php, allowing unrestricted upload through the manipulation of the file upload argument. This can be initiated remotely,...
Malicious code in lodarshe (npm)
Source: ghsa-malware 62e828ed31173431b02c083662f9a335a029b2a2d17878304eaa4e0314f1bf9e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2023-18739 · Samsung · Samsung Knox
Name of the Vulnerable Software and Affected Versions: Samsung Knox versions 2.8.60 and earlier Description: The issue allows an attacker to gain elevated privileges on the device. Recommendations: For versions 2.8.60 and earlier, update to a version later than 2.8.60 to resolve the issue...
SUSE CVE-2023-39515
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a stored cross-site scripting (XSS) vulnerability that allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative Cacti accounts an...
DEBIAN-CVE-2023-41053
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORTRO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been...
PT-2023-27508 · Flatsome · Flatsome
Name of the Vulnerable Software and Affected Versions: Flatsome | Multi-Purpose Responsive WooCommerce Theme versions 3.17.5 and earlier Description: The issue is related to Deserialization of Untrusted Data, which can lead to Unauthenticated PHP Object Injection. It is estimated to affect over...
DEBIAN-CVE-2023-39365
Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advise...
UBUNTU-CVE-2023-39365
Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advise...
UBUNTU-CVE-2023-39358
Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the reportsuser.php file. In...
CVE-2023-39360
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a stored cross-site scripting (XSS) vulnerability that allows an authenticated user to poison data. The vulnerability is found in graphsnew.php. Several validations are performed, but the...
UBUNTU-CVE-2023-39366
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a stored cross-site scripting (XSS) vulnerability that allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative Cacti accounts an...
CVE-2023-39515 Stored Cross-site Scripting on data_debug.php datasource path view in Cacti
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a stored cross-site scripting (XSS) vulnerability that allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative Cacti accounts an...