
SUSE CVE
added 2023/02/15 4:34 a.m., 5 views

SUSE CVE-2018-1053

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pgupgrade creates file in current working directory containing the output of pgdumpall -g under umask which was in effect when the user invoked pgupgrade, and not under 0077 which...

CVSS 4, AI score 6.6, EPSS 0.00088
Exploits 0, References 8
WPVulnDB
added 2023/02/15 12:00 a.m., 20 views

Archivist - Custom Archive Templates < 1.7.5 - Stored XSS via CSRF

The plugin does not have CSRF when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVSS 8.8, AI score 6, EPSS 0.00104
Exploits 0, Affected Software 1
Cvelist
added 2023/02/15 12:00 a.m., 18 views

CVE-2023-0361

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to...

AI score 7.6, EPSS 0.03615
Exploits 1, References 9
Debian CVE
added 2023/02/15 12:00 a.m., 76 views

CVE-2023-0361

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to...

CVSS 7.4, AI score 7, EPSS 0.03615
Exploits 1
HackRead
added 2023/02/14 11:43 p.m., 20 views

Cloudflare thwarts largest reported HTTP DDoS attack

By Waqas A new record has been set for the largest reported HTTP DDoS attack, exceeding the previous record of 46 million requests per second rps in June 2022. This is a post from HackRead.com Read the original post: Cloudflare thwarts largest reported HTTP DDoS attack...

AI score 7.3
Exploits 0
IBM Security Bulletins
added 2023/02/14 9:14 p.m., 31 views

Security Bulletin: IBM CICS TX Standard is vulnerable to a reverse tabnabbing attack (CVE-2022-38705).

Summary IBM CICS TX Standard could allow a reverse tabnabbing attack. The fix removes this vulnerability CVE-2022-38705 from IBM CICS TX Standard. Vulnerability Details CVEID:CVE-2022-38705 DESCRIPTION: IBM CICS TX Standard and Advanced could allow a remote attacker to bypass security restriction...

CVSS 6.1, AI score 5.7, EPSS 0.00388
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2023/02/14 9:04 p.m., 38 views

Security Bulletin: IBM CICS TX Advanced is vulnerable to attack due to missing or insecurely formatted HTTP headers (CVE-2022-34316).

Summary IBM CICS TX Advanced could allow an attack due to missing or insecurely formatted HTTP headers. The fix removes this vulnerability CVE-2022-34316 from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2022-34316 DESCRIPTION: IBM CICS TX does not neutralize or incorrectly neutralizes w...

CVSS 5.3, AI score 4.3, EPSS 0.00359
Exploits 0, Affected Software 1
Prion
added 2023/02/14 6:15 p.m., 16 views

Cross site request forgery (csrf)

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway SSG app in the ‘kvstoreclient’ REST endpoint lets a potential attacker update SSG KV store collections using an HTTP GET request...

CVSS 4.3, AI score 4.6, EPSS 0.001
Exploits 0, References 2, Affected Software 1
NVD
added 2023/02/14 11:15 a.m., 15 views

CVE-2022-47936

A vulnerability has been identified in JT Open All versions V11.2.3.0, JT Utilities All versions V13.2.3.0, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.170, Parasolid V35.1 All versions V35.1.150. The affected application...

CVSS 7.8, AI score 7.7, EPSS 0.00133
Exploits 0, References 1
Veracode
added 2023/02/14 4:36 a.m., 27 views

Inconsistent Interpretation Of HTTP Requests

varnish:sid is vulnerable to Inconsistent Interpretation of HTTP Requests. An attacker could perform a smuggling attack by requesting certain headers to be made hop by hop on varnish servers which will not allow critical headers to be forwarded to the backend...

CVSS 7.5, AI score 7.2, EPSS 0.01524
Exploits 0, References 8, Affected Software 1
Cvelist
added 2023/02/14 3:15 a.m., 15 views

CVE-2023-23859

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information...

CVSS 6.1, AI score 6.4, EPSS 0.0099
Exploits 0, References 2
Cvelist
added 2023/02/14 3:14 a.m., 16 views

CVE-2023-23855

SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or expose the user to a phishing attack. As a result, it has a low impact to...

CVSS 6.5, AI score 6.4, EPSS 0.00166
Exploits 0, References 2
WPVulnDB
added 2023/02/14 12:00 a.m., 12 views

Opt-Out for Google Analytics < 2.3.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVSS 5.9, AI score 4.8, EPSS 0.00207
Exploits 0, Affected Software 1
CNVD
added 2023/02/14 12:00 a.m., 17 views

Siemens Solid Edge Out-of-Bounds Reading Vulnerability (CNVD-2023-09123)

Siemens Solid Edge is a 3D CAD software from Siemens Germany. The software can be used in industries such as part design, assembly design, sheet metal design, welding design, etc. An out-of-bounds read vulnerability exists in Siemens Solid Edge due to the Datakit CrossCadWarex64.dll used in the...

CVSS 5.5, AI score 2, EPSS 0.00067
Exploits 0, References 1
CNVD
added 2023/02/14 12:00 a.m., 23 views

Oracle Database Server Security Bypass Vulnerability

Oracle Database Server is a relational database management system from Oracle Corporation of the United States. The database management system provides data management, distributed processing and other functions. A security bypass vulnerability exists in Oracle Database Server that can be exploited ...

CVSS 6.3, AI score 6.8, EPSS 0.0044
Exploits 0, References 1
Tenable Nessus
added 2023/02/14 12:00 a.m., 20 views

Wago PFC200 iocheckd service 'I/O-Check' cache Command Injection (CVE-2019-5170)

An exploitable command injection vulnerability exists in the iocheckd service 'I/O-Check' function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...

CVSS 7.8, AI score 7.5, EPSS 0.00325
Exploits 1, References 2
Tenable Nessus
added 2023/02/14 12:00 a.m., 23 views

WAGO I/O-CHECK Buffer Copy Without Checking Size of Input (CVE-2019-5079)

An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware versions 03.01.0713 and 03.00.3912, and WAGO PFC100 Firmware version 03.00.3912. A specially crafted set of packets can cause a heap buffer overflow, potentially...

CVSS 9.8, AI score 8.8, EPSS 0.01075
Exploits 1, References 3
ICS
added 2023/02/14 12:00 a.m., 54 views

Siemens Solid Edge

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 7.8, AI score 8.2, EPSS 0.00375
Exploits 0, References 11
Prion
added 2023/02/13 11:15 p.m., 20 views

Cross site request forgery (csrf)

A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a...

CVSS 5.8, AI score 7.7, EPSS 0.00242
Exploits 0, References 3, Affected Software 1
NVD
added 2023/02/13 6:15 p.m., 11 views

CVE-2023-23553

Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker...

CVSS 6.1, AI score 5.5, EPSS 0.00255
Exploits 0, References 1