
2124 matches found

Source: NVD, added 2023/09/25 7:15 p.m., 24 views

CVE-2023-42817

Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” from “%suggest%” is parsed by sprintf even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access...

CVSS 5.4, AI score 5.4, EPSS 0.00326; Exploits: 0, References: 2
Source: CVE, added 2023/09/25 6:57 p.m., 99 views

CVE-2023-42817

Pimcore admin-ui-classic-bundle translations are vulnerable to Cross-site Scripting due to a translation string containing “%s” being parsed by sprintf(), allowing potential injection in dialog boxes. Affected versions: prior to 1.1.2. Root cause: unsanitized translation parsing. Remediation: upg...

CVSS 5.4, AI score 5.3, EPSS 0.00326; Exploits: 0, References: 2, Affected Software: 1
Source: CNNVD, added 2023/09/25 12:00 a.m., 4 views

Pimcore Cross-Site Scripting Vulnerability

Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, an e-commerce framework and product information management applications. A cross-site scripting vulnerability exists in...

CVSS 5.4, AI score 5.9, EPSS 0.00326; Exploits: 0, References: 3
Source: vulnersOsv, added 2023/09/13 4:32 p.m., 3 views

@mattie-bundle/mattie-strapi-bundle-example (>=1.0.0-alpha.0 <=1.0.0-alpha.3), sneakmax (=0.1.0) +3 more potentially affected by CVE-2023-38507 via @strapi/plugin-users-permissions (>=4.0.0-beta.0 <=4.11.2)

@strapi/plugin-users-permissions NPM version =4.0.0-beta.0, =1.0.0-alpha.0, =1.0.0-alpha.3 - sneakmax =0.1.0 - sneakmaxtesttemplate =0.1.0 - sneakmaxtesttemplatev2 =0.1.0 - sveltekit-strapi =0.1.0 Source cves: CVE-2023-38507 Source advisory: OSV:GHSA-24Q2-59HM-RH9R...

CVSS 9.8, AI score 7.2, EPSS 0.00761; Exploits: 1
Source: Patchstack, added 2023/09/01 12:00 a.m., 8 views

WordPress Ovic Product Bundle Plugin <= 1.1.2 is vulnerable to Broken Access Control

Software: Ovic Product Bundle; Type: Plugin; Vulnerable versions: = 1.1.2; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-41649; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 75cf7d8a70bd; Credits: thiennv; Required...

AI score 6.5, EPSS 0.00507; Exploits: 0, References: 1, Affected Software: 1
Source: NVD, added 2023/08/31 6:15 p.m., 42 views

CVE-2023-41044

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...

CVSS 3.8, AI score 3.7, EPSS 0.00569; Exploits: 1, References: 3
Source: Prion, added 2023/08/31 6:15 p.m., 27 views

Path traversal

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...

CVSS 4.7, AI score 4, EPSS 0.00569; Exploits: 1, References: 3, Affected Software: 1
Source: Vulnrichment, added 2023/08/31 5:10 p.m., 10 views

CVE-2023-41044 Partial path traversal vulnerability in Support Bundle feature of Graylog

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...

CVSS 3.3, AI score 6.5, EPSS 0.00569; Exploits: 1, References: 3
Source: Cvelist, added 2023/08/31 5:10 p.m., 47 views

CVE-2023-41044 Partial path traversal vulnerability in Support Bundle feature of Graylog

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...

CVSS 3.3, AI score 4.3, EPSS 0.00569; Exploits: 1, References: 3
Source: OSV, added 2023/08/31 5:10 p.m., 29 views

CVE-2023-41044 Partial path traversal vulnerability in Support Bundle feature of Graylog

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...

CVSS 3.3, AI score 4.5, EPSS 0.00569; Exploits: 1, References: 5
Source: CVE, added 2023/08/31 5:10 p.m., 91 views

CVE-2023-41044

Graylog exposes a partial path traversal vulnerability in its Support Bundle feature (requires valid Admin credentials). The issue stems from improper input validation in an HTTP API resource, allowing reading or deleting files under sibling directories of the support-bundle directory (data_dir d...

CVSS 3.8, AI score 3.6, EPSS 0.00569; Exploits: 1, References: 3, Affected Software: 1
Source: Patchstack, added 2023/08/29 12:00 a.m., 9 views

WordPress Email Encoder Bundle Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software: Email Encoder Bundle; Type: Plugin; Vulnerable versions: = 2.1.7; Fixed in: 2.1.8; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-4599; Patch priority: Low; CVSS severity: Low 6.5; PSID: 48a0517c2804; Credits: István Márton...

CVSS 6.4, AI score 5.7, EPSS 0.0045; Exploits: 0, References: 3, Affected Software: 1
Source: CNNVD, added 2023/08/11 12:00 a.m., 2 views

Faucet SDN Ryu Security Vulnerability

Ryu is a component-based software-defined networking framework open-sourced by Faucet SDN. A security vulnerability exists in Faucet SDN Ryu version 4.34 that allows an attacker to conduct a denial-of-service (DoS) attack via the component OFPBundleCtrlMsg...

CVSS 7.5, AI score 6.7, EPSS 0.00719; Exploits: 1, References: 2
Source: OSV, added 2023/08/03 5:21 p.m., 1 view

CLSA-2023-1691083258 Update of alt-php

Update ca-certificates database to 20230629: - mozilla/certdata.txt, nssckbi.h: Update Mozilla certificate authority bundle to version 2.62. - The following certificate authorities were added: "BJCA Global Root CA1", "BJCA Global Root CA2"...

AI score 5.8; Exploits: 0, References: 1
Source: OSV, added 2023/08/03 5:10 p.m., 3 views

CLSA-2023-1691082636 Update of alt-php

Update ca-certificates database to 20230629: - mozilla/certdata.txt, nssckbi.h: Update Mozilla certificate authority bundle to version 2.62. - The following certificate authorities were added: Certificate "BJCA Global Root CA1", Certificate "BJCA Global Root CA2"...

AI score 5.8; Exploits: 0, References: 1
Source: OSV, added 2023/08/03 5:05 p.m., 2 views

CLSA-2023-1691082298 Update of alt-php

Update ca-certificates database to 20230629: - mozilla/certdata.txt, nssckbi.h: Update Mozilla certificate authority bundle to version 2.62. - The following certificate authorities were added: "BJCA Global Root CA1", "BJCA Global Root CA2"...

AI score 5.8; Exploits: 0, References: 1
Source: OSV, added 2023/08/02 7:16 a.m., 3 views

SUSE-SU-2023:3137-1 Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - CVE-2023-28370: Tornado: Fix an open redirect issue in the static file handler bsc1211741 - Prevent pygit2.GitError: error loading knownhosts when $HOME is not set bsc1210994 - Fix ModuleNotFoundError and other issues raised by...

CVSS 6.1, AI score 6.3, EPSS 0.01132; Exploits: 0, References: 8
Source: BDU FSTEC, added 2023/08/02 12:00 a.m., 1 view

A vulnerability in the firmware web interface of VMware SD-WAN Edge devices allows an attacker to bypass security restrictions and gain access to read, modify, or delete data.

The vulnerability in the firmware web interface of VMware SD-WAN Edge devices is caused by deficiencies in access control. Exploiting it allows a malicious actor to bypass security restrictions and gain read, modify, or delete access to data by downloading the...

CVSS 7.8, AI score 7.2, EPSS 0.00529; Exploits: 0, References: 3, Affected Software: 1
Source: Veracode, added 2023/07/26 9:39 a.m., 22 views

Cross-site Scripting (XSS)

contao/core-bundle is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to a lack of validation in the input unit widget, which allows an attacker to inject and execute malicious JavaScript in the browser and backend server...

CVSS 6.5, AI score 6.5, EPSS 0.00534; Exploits: 1, References: 6, Affected Software: 1
Source: Prion, added 2023/07/25 7:15 p.m., 15 views

Authorization

Sentry is an error tracking and performance monitoring platform. Starting in version 8.21.0 and prior to version 23.5.2, an authenticated user can download a debug or artifact bundle from arbitrary organizations and projects with a known bundle ID. The user does not need to be a member of the...

CVSS 4, AI score 6.4, EPSS 0.00509; Exploits: 0, References: 3, Affected Software: 1