14 matches found
PT-2024-37179 · GitHub · GitHub Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: An Incorrect Authorization issue was identified in GitHub Enterprise Server, allowing read access to issue content via GitHub Projects. This issue was only exploitable in internal...
Dell Power Manager Security Vulnerability
Dell Power Manager is an application from Dell Inc. that is used to configure battery maintenance practices to maximize system battery life. A security vulnerability exists in Dell Power Manager versions prior to 3.14 that stems from the inclusion of an improper authorization vulnerability in the...
AZL-27672 CVE-2023-38403 affecting package iperf3 for versions less than 3.14-1
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field...
iDisplay PlatPlay DS Cross-Site Scripting Vulnerability
iDisplay PlatPlay DS is a multimedia solution from iDisplay. A cross-site scripting vulnerability exists in iDisplay PlatPlay DS versions prior to 3.14 that stems from susceptibility to stored cross-site scripting attacks...
imgproxy Cross-Site Scripting Vulnerability
imgproxy is a fast and secure standalone server, from an individual developer, for resizing and converting remote images. A cross-site scripting vulnerability exists in imgproxy versions prior to 3.14.0, which stems from the presence of reflected cross-site scripting (XSS)...
CVE-2022-26976
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS...
CVE-2022-26977
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism leads to stored XSS...
CVE-2022-26975
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication...
CVE-2022-26971
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication...
CVE-2022-26972
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS...
Cross site scripting
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The osusername parameter is not correctly sanitized, leading to reflected XSS...
Barco Control Room Security Vulnerability
Barco Control Room is a visualization and collaboration solution from Barco Belgium. It is used to build control rooms. A security vulnerability exists in the Barco Control Room Management Suite web application prior to version 3.14, which stems from a public license file upload mechanism. By...
CVE-2022-26976
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS...
Sonatype Nexus Repository Manager Java Code Execution Vulnerability
Sonatype Nexus Repository Manager (aka NXRM) is a Maven repository manager. A security vulnerability exists in Sonatype NXRM versions prior to 3.14. An attacker can exploit the vulnerability to execute code on the server...