PT-2023-30168
Name of the Vulnerable Software and Affected Versions: Talent Software ECOP versions prior to 32255 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as 'SQL Injection', which allows Command Line Execution through SQL Injection...
GHSA-3PJV-R7W4-2CF5 Grails data binding causes JVM crash and/or other denial of service
Impact A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. Patches Patches are available for Grails 3 and later. Workarounds No workaround is possible except to avoid data binding to request data...
PT-2023-32814 · Jahastech · Nxfilter
Name of the Vulnerable Software and Affected Versions: Jahastech NxFilter version 4.3.2.5 Description: A problematic issue has been found in the Bind Request Handler component, affecting the processing of the file user,adap.jsp?actionFlag=test&id=1. This leads to LDAP injection and can be initiat...
Playbook: Your First 100 Days as a vCISO - 5 Steps to Success
In an increasingly digital world, no organization is spared from cyber threats. Yet, not every organization has the luxury of hiring a full-time, in-house CISO. This gap in cybersecurity leadership is where you, as a vCISO, come in. You are the person who will establish, develop, and solidify the...
PT-2023-8686 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14.2 Description: The issue is related to a buffer overflow in the AppleVA component of the macOS operating system, which can lead to unexpected app termination or arbitrary code execution when processing a file. This ...
PT-2023-8048 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14.2 Description: The issue is related to multiple memory corruption problems that have been addressed through improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or...
PT-2023-32566 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue is related to improper authorization in the "/plugins/focalboard/api/v2/users" endpoint, allowing an attacker who is a guest user and knows the ID of another user to obtain the...
PT-2023-30775 · Unknown · Capsule-Proxy
Name of the Vulnerable Software and Affected Versions: capsule-proxy versions prior to 0.4.6 Description: The issue is a privilege escalation vulnerability caused by a missing check of whether the user is authenticated, based on the TokenReview result. This affects clusters running with the anonymous-auth...
PT-2023-7273 · Sysaid · Sysaid
Name of the Vulnerable Software and Affected Versions: SysAid versions prior to 23.2.15 Description: The issue allows for Insecure Direct Object Reference (IDOR) attacks, enabling unauthorized access to protected information. This can be achieved by modifying the sid parameter to EmailHtmlSourceIframe.jsp...
PT-2023-31571
Name of the Vulnerable Software and Affected Versions: DRDrive versions prior to 20231006 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For version...
PT-2023-7372 · Adobe · Premiere Pro
Name of the Vulnerable Software and Affected Versions: Adobe Premiere Pro versions 24.0 and earlier; Adobe Premiere Pro versions 23.6 and earlier Description: The issue is related to an Access of Uninitialized Pointer, which could lead to disclosure of sensitive memory. An attacker could leverage...
PT-2023-7265 · Adobe · Premiere Pro
Name of the Vulnerable Software and Affected Versions: Adobe Premiere Pro versions 24.0 and earlier; Adobe Premiere Pro versions 23.6 and earlier Description: The issue is related to an out-of-bounds write that could result in arbitrary code execution in the context of the current user. Exploitati...
PT-2023-7132 · Adobe · Audition
Name of the Vulnerable Software and Affected Versions: Adobe Audition versions 24.0 and earlier; Adobe Audition versions 23.6.1 and earlier Description: The issue is related to an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocate...
PT-2023-28601 · Kyverno · Kyverno
Name of the Vulnerable Software and Affected Versions: Kyverno versions 1.11.0 and later, built from the main branch Description: A security issue was found in Kyverno, a policy engine for Kubernetes, where an attacker could cause denial of service. The vulnerable component is Kyverno's Notary...
PT-2023-30219 · Unknown · Online Matrimonial Project
Name of the Vulnerable Software and Affected Versions: Online Matrimonial Project version 1.0 Description: The issue concerns Unauthenticated SQL Injection vulnerabilities. Specifically, the filename attribute of the pic4 multipart parameter is vulnerable. Recommendations: For Online Matrimonial...
PT-2023-15061 · Unknown · Gopi Ramasamy Email
Name of the Vulnerable Software and Affected Versions: Gopi Ramasamy Email posts to subscribers versions n/a through 6.2 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection...
PT-2023-8554 · Unknown · Neshan Maps
Name of the Vulnerable Software and Affected Versions: Neshan Maps versions 1.1.4 and earlier Description: The issue is related to the improper neutralization of special elements used in an SQL command, which allows for SQL injection attacks. This can be exploited by a remote attacker to conduct...
PT-2023-30064 · Fancms · Fancms
Name of the Vulnerable Software and Affected Versions: FanCMS version 1.0.0 Description: A Cross-Site Scripting issue allows an attacker to execute arbitrary code via the content1 parameter in the "demo.php" file. Recommendations: For FanCMS version 1.0.0, avoid using the content1 parameter in th...
PT-2023-6818
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 3.0 and 3.1 Description: A bug has been identified in the processing of key and initialisation vector (IV) lengths, potentially leading to truncation or overruns during the initialisation of some symmetric ciphers. This issue can...
PT-2023-31556
Name of the Vulnerable Software and Affected Versions: Biltay Technology Kayisi versions prior to 1286 Description: The issue is related to an SQL Injection vulnerability caused by the improper neutralization of special elements used in an SQL command. This can lead to SQL Injection and...