Fixed in Apache Tomcat 9.0.80
Moderate: Open redirect CVE-2023-41080. If the ROOT default web application is configured to use FORM authentication, then it is possible that a specially crafted URL could be used to trigger a redirect to a URL of the attacker's choice. This was fixed with commit 77c0ce2d. This issue was reported ...
CVE-2023-2865 SourceCodester Theme Park Ticketing System GET Parameter print_ticket.php sql injection
A vulnerability was found in SourceCodester Theme Park Ticketing System 1.0. It has been classified as critical. This affects an unknown part of the file print_ticket.php of the component GET Parameter Handler. The manipulation of the argument id leads to SQL injection. It is possible to initiate...
formigal-panticosa.com Cross Site Scripting vulnerability OBB-3329859
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2023-16736 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 15.5 through 15.8.4; GitLab versions 15.9 through 15.9.3; GitLab versions 15.10 through 15.10.0. Description: An issue has been discovered in GitLab due to improper permissions checks, allowing an unauthorized user to remove an...
CVE-2022-34474
Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox 102...
GHSA-MR77-4PM4-X9VM Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module
A Cross-site scripting (XSS) vulnerability in the Portal Search module before 6.0.12 from Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the tag...
BELL-CVE-2022-3541 CVE-2022-3541 does not affect BellSoft software
Bulletin has no description...
Security Advisory 2022-10-17-1 - Multiple issues in mac80211 and cfg80211 (CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721 and CVE-2022-42722)
DESCRIPTION: Multiple vulnerabilities were found in the Linux kernel mac80211 and cfg80211 framework. OpenWrt takes the mac80211 and cfg80211 framework from the wireless backports project, which copies it from a more recent Linux kernel version. These vulnerabilities are in the multi-BSSID (MBSSID)...
aliby (>=0.1.18 <=0.1.55), aliby-baby (>=0.1.11 <=0.1.17) +29 more potentially affected by CVE-2022-35995 via tensorflow (>=2.9.0 <=2.9.0rc2)
tensorflow PYPI version =2.9.0, =0.1.18, =0.1.11, =0.30.0, =0.0.0, =1.3.0, =0.3.0, =1.0.1, =1.2.0, =0.0.6, =1.0.12, =0.1.0, =0.1.1 and more Source cves: CVE-2022-35995 Source advisory: OSV:GHSA-G9H5-VR8M-X2H4...
CVE-2022-29922 A vulnerability exists in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS ...
Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the...
ai.ylyue:yue-library-auth-client (>=j8.2.3.0 <=j11.2.3.3), ai.ylyue:yue-library-auth-service (>=j8.2.3.0 <=j11.2.3.3) +7525 more potentially affected by CVE-2021-22096 via org.springframework:spring-core (>=5.2.0.RELEASE <=5.2.17.RELEASE)
org.springframework:spring-core MAVEN version =5.2.0.RELEASE, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =2.3.0.RELEASE, =2.3.0.RELEASE, =2.3.0.RELEASE, =2.3.0.RELEASE, =2.3.0.RELEASE, =2.3.1.RELEASE and more Source cves:...
BELL-CVE-2021-4207 CVE-2021-4207 does not affect BellSoft software
Bulletin has no description...
chartes.psl.eu Cross Site Scripting vulnerability OBB-2459972
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection DoS (cisco-sa-nxos-bfd-dos-wGQXrzxn)
According to its self-reported version, Cisco NX-OS Software for Cisco Nexus 9000 Series Switches is affected by a denial of service vulnerability. The vulnerability exists in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series...
alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +42 more potentially affected by CVE-2022-21726 via tensorflow (>=2.6.0 <=2.6.2)
tensorflow PYPI version =2.6.0, =0.0.2, =1.0.1, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =1.1.2 - imgtovar =0.8.5 and more Source cves: CVE-2022-21726 Source advisory: OSV:GHSA-23HM-7W47-XW72...
blog.stellantisnorthamerica.com Cross Site Scripting vulnerability OBB-2336959
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2021-45507
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBW30 before 2.6.2.2, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and...
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Dec 2021)
This host is missing a critical security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
GHSA-R562-M862-63W3 APM Java Agent Local Privilege Escalation
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of...
CVE-2021-22923 affecting package curl 7.76.0-9
CVE-2021-22923 affecting package curl 7.76.0-9. A patched version of the package is available...