449 matches found

RedHat Linux
added 2024/03/25 7:40 p.m. · 2 views

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

CVSS 6.5 · AI score 7.1 · EPSS 0.00245
Exploits: 0 · References: 6

RedHat Linux
added 2024/03/25 7:35 p.m. · 0 views

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

CVSS 6.5 · AI score 7.1 · EPSS 0.00245
Exploits: 0 · References: 6

OSV
added 2024/03/14 3:15 a.m. · 2 views

CVE-2024-1222

This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls...

CVSS 9.8 · AI score 5.5
Exploits: 0 · References: 1

CNNVD
added 2024/03/12 12:0 a.m. · 2 views

WordPress Plugin fx Private Site Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL. WordPress plugin i...

CVSS 5.3 · AI score 6.6 · EPSS 0.00392
Exploits: 0 · References: 4

CNNVD
added 2024/02/19 12:0 a.m. · 1 view

alf.io Security Vulnerabilities

alf.io is an open source ticket reservation system. A security vulnerability exists in alf.io versions prior to 2.0-Mr-2402. An attacker can exploit the vulnerability to view user ID details, especially the API KEY in the username...

CVSS 8.8 · AI score 6.7 · EPSS 0.00579
Exploits: 1 · References: 2

Positive Technologies
added 2024/02/06 12:0 a.m. · 1 view

PT-2024-17674 · Juanpao · Juanpao Jpshop

Name of the Vulnerable Software and Affected Versions: Juanpao JPShop versions up to 1.5.02 Description: A critical vulnerability was found in Juanpao JPShop, affecting the actionIndex function of the /api/controllers/merchant/app/ComboController.php file in the API component. The manipulation of...

CVSS 9.8 · AI score 6.6 · EPSS 0.00077
Exploits: 0 · References: 7

Positive Technologies
added 2024/02/02 12:0 a.m. · 1 view

PT-2024-13412 · Ibm · Ibm Tivoli Application Dependency Discovery Manager

Name of the Vulnerable Software and Affected Versions: IBM Tivoli Application Dependency Discovery Manager versions 7.3.0.0 through 7.3.0.10 Description: The issue allows an attacker on the organization's local network to escalate their privileges due to unauthorized API access. Recommendations:...

CVSS 8.8 · AI score 6.7 · EPSS 0.0004
Exploits: 0 · References: 8

CNNVD
added 2024/01/31 12:0 a.m. · 1 view

BuildKit Security Vulnerability

BuildKit is a concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit. A security vulnerability exists in BuildKit version v0.12.4 and earlier. An attacker could exploit this vulnerability to use the API to run containers with elevated privileges...

CVSS 9.8 · AI score 6.9 · EPSS 0.10301
Exploits: 0 · References: 5

Prion
added 2024/01/17 5:15 p.m. · 17 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker cou...

CVSS 4.3 · AI score 6 · EPSS 0.0006
Exploits: 0 · References: 1 · Affected Software: 2

RedHat Linux
added 2024/01/17 2:0 p.m. · 2 views

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

CVSS 5.9 · AI score 7.2 · EPSS 0.00156
Exploits: 0 · References: 5

RedHat Linux
added 2024/01/17 9:7 a.m. · 4 views

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

CVSS 5.9 · AI score 7.2 · EPSS 0.00156
Exploits: 0 · References: 5

Cvelist
added 2024/01/09 1:18 a.m. · 16 views

CVE-2024-21737 Code Injection vulnerability in SAP Application Interface Framework (File Adapter)

In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on...

CVSS 8.4 · AI score 9.6 · EPSS 0.00222
Exploits: 0 · References: 2

Vulnrichment
added 2024/01/09 1:18 a.m. · 4 views

CVE-2024-21737 Code Injection vulnerability in SAP Application Interface Framework (File Adapter)

In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on...

CVSS 8.4 · AI score 9.5 · EPSS 0.00222
Exploits: 0 · References: 2

CNNVD
added 2024/01/09 12:0 a.m. · 2 views

SAP Application Interface Framework Code Injection Vulnerability

SAP Application Interface Framework (SAP AIF) is an application interface framework from SAP. A code injection vulnerability exists in the SAP Application Interface Framework File Adapter, which can be exploited to allow an elevated privilege user to traverse layers and directly execute operating...

CVSS 9.1 · AI score 7.6 · EPSS 0.00222
Exploits: 0 · References: 3

SUSE CVE
added 2023/12/23 2:42 a.m. · 1 view

SUSE CVE-2023-6866

TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox 121...

CVSS 8.8 · AI score 8.4 · EPSS 0.01124
Exploits: 0 · References: 4

Positive Technologies
added 2023/12/22 12:0 a.m. · 1 view

PT-2023-9220 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 26.0.9 and 27.1.4 Nextcloud Enterprise Server versions prior to 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 Description: The issue is related to Nextcloud Server, an open source cloud platform, wher...

CVSS 9.8 · AI score 6 · EPSS 0.00824
Exploits: 6 · References: 93

Positive Technologies
added 2023/12/16 12:0 a.m. · 1 view

PT-2023-35649 · Git +1 · Libavc

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap buffer overflow issue was identified, potentially causing a crash. The crash occurs in the ih264d format convert function, which is called by isvc...

AI score 7.6
Exploits: 0 · References: 2

Positive Technologies
added 2023/11/22 12:0 a.m. · 2 views

PT-2023-32558 · M Files · M-Files Server

Name of the Vulnerable Software and Affected Versions: M-Files server versions prior to 23.11.13156.0 Description: The issue is related to missing access permissions checks in the M-Files server, allowing attackers to perform data write and export jobs using the M-Files API methods...

CVSS 5.3 · AI score 7.2 · EPSS 0.00095
Exploits: 0 · References: 4

Positive Technologies
added 2023/11/22 12:0 a.m. · 1 view

PT-2023-12331 · Unknown · Fleet Server

Name of the Vulnerable Software and Affected Versions: Fleet-Server affected versions not specified Description: An issue was found with how API keys are created with the Fleet-Server service account, allowing a compromised Fleet-Server service account to potentially escalate themselves to a...

CVSS 8.8 · AI score 8.6 · EPSS 0.00265
Exploits: 0 · References: 9

OSV
added 2023/11/14 11:15 p.m. · 1 view

CVE-2023-45624

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point...

CVSS 7.5 · AI score 5.8 · EPSS 0.00141
Exploits: 0 · References: 1