13470 matches found
Talend Data Catalog Code Issue Vulnerability
Talend Data Catalog is a tool that combines data cataloging and metadata management from Talend. It is used to connect data from platforms, databases, and analytic tools to generate a holistic view of the information supply chain in a language everyone can understand. A security vulnerability...
Design/Logic Flaw
Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for attackers to observe and capture it...
Ransomware in the UK, April 2022–March 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their dark web sites. In this report, "known attacks" are attacks where the victim opted not to pay a ransom. This provides the best overall picture ...
UserPlus <= 2.0 - Stored XSS via CSRF
The plugin does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. PoC Open the .html file where the admin user is logged in - Go to...
CVE-2023-22615
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM...
CVE-2023-26551
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...
Code injection
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM...
Type confusion
An issue was discovered in Treasure Data Fluent Bit 1.7.1. Erroneous parsing in flb_pack_msgpack_to_json_format leads to a type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially crafted file an...
CVE-2023-26845
A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors...
CVE-2023-26554
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...
NewStart CGSL CORE 5.05 / MAIN 5.05 : openssl Multiple Vulnerabilities (NS-SA-2023-0025)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has openssl packages installed that are affected by multiple vulnerabilities: - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is clo...
CVE-2023-27876
IBM TRIRIGA 4.0 is vulnerable to an XML External Entity (XXE) attack when processing XML data. The root cause is an XXE flaw in the XML processing pipeline, which could allow a remote attacker to expose sensitive information and, in some cases, consume memory resources. This CVE (CVE-2023-27876)...
CVE-2023-27876 IBM TRIRIGA Application Platform XML external entity injection
IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249975...
Stack overflow
D-Link DIR878 DIR878FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload...
Cisco Secure Network Analytics Remote Code Execution Vulnerability (CNVD-2023-85955)
Cisco Secure Network Analytics (Stealthwatch) is a solution that supports cross-platform network streaming data collection. A remote code execution vulnerability exists in Cisco Secure Network Analytics, which can be exploited by an attacker to execute code on an affected device...
Dell PowerScale OneFS Resource Management Error Vulnerability (CNVD-2023-43248)
Dell PowerScale OneFS is an operating system from Dell (USA) that provides horizontal scaling of NAS. A resource management error vulnerability exists in Dell PowerScale OneFS, which arises from uncontrolled resource consumption by an application and can be...
Veritas Backup Exec Agent File Access Vulnerability
Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine...
Cross site request forgery (csrf)
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpurgecachevarnishcallback function. This makes it possible for unauthenticated attackers to purge the...
atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE
Exploit Title: atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE Author: nu11secur1ty Date: 02.16.2023 Vendor: https://atropim.com/ Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25 Reference: https://portswigger.net/web-security/file-upload Description: The...