PYSEC-2023-144

Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...

CVE-2023-38759

Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...

CVE-2023-35326

CVE-2023-35326 (Windows CDP User Components Information Disclosure) affects Windows CDP User Components and is rated CVSS v3.1 base 5.5 (LOCAL, Privileges Low, Confidentiality High). Evidence from NVD shows Information Disclosure vulnerability with Local access and high confidentiality impact; Mi...

Nessus Network Monitor < 6.2.2 Multiple Vulnerabilities (TNS-2023-23)

According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-23 advisory. Several of the third-party components were found to contain vulnerabilities, and updat...

CVE-2023-34212 Apache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components

The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location...

CVE-2023-21486

Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox...

CVE-2021-45464

kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine...

IBM TRIRIGA Application Platform Cross-Site Scripting Vulnerability (CNVD-2024-01175)

The IBM TRIRIGA Application Platform is a set of technology platforms for deploying TRIRIGA applications from International Business Machines IBM. The platform provides a set of design-time and run-time components for building and running its enterprise-class applications, respectively, and...

Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID:CVE-2022-24434 DESCRIPTION: Node.js dicer module is vulnerable to a denial of service. By sending a specially-crafted form to server,...

What Is Cloud Architecture?

What is cloud architecture? And what types of clouds are there? Cloud architecture defines how all the components that enable cloud computing come together...

[SECURITY] Fedora 38 Update: qt6-qtwebengine-6.4.2-3.fc38

Qt6 - QtWebEngine components...

[SECURITY] Fedora 38 Update: qt6-qtwebengine-6.4.2-4.fc38

Qt6 - QtWebEngine components...

Fedora: Security Advisory for kscreenlocker (FEDORA-2023-e31c3e4b6c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

K11100332: Multiple Oracle Database Server vulnerabilities

Security Advisory Description CVE-2016-3479 Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors. CVE-2016-3484 Unspecified vulnerability in the Database Vault component i...

CVE-2022-46675

Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. A unauthenticated attacker could potentially discover the internal structure of the application and its components and use this information for further vulnerability research...

Security Bulletin: Vulnerability in IBM Java Runtime affect SPSS Collaboration and Deployment Services (CVE-2022-3676)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 7 & 8 used by SPSS Collaboration and Deployment Services. This issue has been addressed. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions,...

CVE-2022-48019

The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3.0.20 and before v2.14.200 allows attackers to perform privilege escalation via a crafted payload...

CVE-2022-41733 IBM InfoSphere Information Server denial of service

IBM InfoSphere Information Server 11.7 could allow a remote attacked to cause some of the components to be unusable until the process is restarted. IBM X-Force ID: 237583...

CVE-2022-42277

NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other...

CVE-2022-42277

NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other...