PT-2023-2906 · Apache · Apache Inlong
Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.2.0 through 1.6.0 Description: The issue is related to an incorrect permission assignment for a critical resource in Apache InLong, allowing a remote attacker to elevate their privileges and bind any cluster, even if...
CVE-2023-32679 Remote Code Execution via unrestricted file extension in Craft CMS
Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not an empty string in the View.php's doesTemplateExist - resolveTemplate - resolveTemplateInternal -...
OESA-2023-1289 redis security update
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. Security Fixes: Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create...
CVE-2023-32680 Missing SQL permissions check in metabase
Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that requirement. This lack of enforcement meant that:...
CVE-2023-32322 Arbitrary file read in Ombi
Ombi is an open source application which allows users to request specific media from popular self-hosted streaming servers. Versions prior to 4.38.2 contain an arbitrary file read vulnerability where an Ombi administrative user may access files available to the Ombi server process on the host...
SUSE CVE-2023-24805
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macOS. If you use the Backend Error Handler beh to create an accessible network printer, this security vulnerability can cause remote code execution. beh.c...
CVE-2023-32309 Arbitrary file inclusion with the pymdown-snippets extension
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax --8<--"/etc/passwd" or --8<--"/proc/self/environ" the content of these files will be rendered in the...
CVE-2023-32314 Sandbox Escape
vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of Proxy. As a result a threat actor can bypass the sandbox...
n8n-nodes-accelo (>=0.1.0 <=0.1.9), n8n-nodes-closeio (=0.1.0) +7 more potentially affected by CVE-2023-27562 via n8n (>=0.138.0 <=0.214.5)
n8n NPM version =0.138.0, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.1.7 Source cves: CVE-2023-27562 Source advisory: OSV:GHSA-P58X-7733-VP9M...
PYSEC-2023-27
mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. Sometimes, the...
SUSE CVE-2023-26048
Jetty is a Java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with @MultipartConfig) that call HttpServletRequest.getParameter or HttpServletRequest.getParts may cause OutOfMemoryError when the client sends a multipart request with a part...
CVE-2023-30610 AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending
aws-sigv4 is a Rust library for low level request signing in the AWS cloud platform. The aws_sigv4::SigningParams struct had a derived Debug implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is...
CVE-2023-29512 Code injection in xwiki-platform-web-templates
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., their own user page) can execute arbitrary Groovy, Python or Velocity code in XWiki, leading to full access to the XWiki installation. The root cause is...
CVE-2023-29522 Code injection from view right on XWiki.ClassSheet in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki...
CVE-2023-29520 Page render failure due to broken translations in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The vulnerability has been...
CVE-2023-29524 Code injection from account through XWiki.SchedulerJobSheet in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute anything with the right of the Scheduler Application sheet page. A user without script or programming rights, edit your user profile with the object editor and add a n...
CVE-2023-30538 Stored Cross-site Scripting via improper sanitization of svg files in Discourse
Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed versions of Discourse. Use...
DEBIAN-CVE-2023-28856
Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised ...
AZL-26290 CVE-2023-28856 affecting package redis for versions less than 6.2.12-1
Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised ...
DEBIAN-CVE-2023-26049
Jetty is a Java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with " double...