
6034 matches found

CNNVD
added 2023/09/12 12:0 a.m. · 3 views

SAP S/4HANA Code Issue Vulnerability

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A code issue vulnerability exists in SAP S/4HANA, which arises from a Create Single Payment application that allows an attacker to upload an XML file as an attachment and...

CVSS 4.3 · AI score 7 · EPSS 0.00414
Exploits 0 · References 4

CNNVD
added 2023/09/08 12:0 a.m. · 3 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in Google Android due to an insecure PendingIntent in the createQuickShareAction of SaveImageInBackgroundTask.java, which can be exploited by an attacker to elevate privileges...

CVSS 7.8 · AI score 7 · EPSS 0.00096
Exploits 0 · References 5

Fedora
added 2023/09/07 1:29 a.m. · 25 views

[SECURITY] Fedora 38 Update: erofs-utils-1.6-3.fc38

EROFS stands for Enhanced Read-Only File System. It aims to be a general read-only file system solution for various use cases instead of just focusing on saving storage space without considering runtime performance. This package includes tools to create, check, and extract EROFS images...

CVSS 7.8 · AI score 7.5 · EPSS 0.00815
Exploits 2

OSV
added 2023/09/02 11:5 a.m. · 3 views

OESA-2023-1577 postgresql security update

PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...

CVSS 8.8 · AI score 8.7 · EPSS 0.01572
Exploits 0 · References 2

SUSE CVE
added 2023/09/02 1:54 a.m. · 3 views

SUSE CVE-2023-40186

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the gdi_CreateSurface function. This issue affects FreeRDP based clients only. FreeRDP proxies...

CVSS 6.5 · AI score 6.9 · EPSS 0.01147
Exploits 1 · References 5

Huntr
added 2023/09/01 10:54 a.m. · 13 views

Stored XSS in module named "Create Issues"

Description: I tested the demo site you provided. I see that there is an XSS vulnerability. I hope you can check and provide a fix as soon as possible. Proof of Concept: link video PoC https://drive.google.com/file/d/1CEEFO0ukhjug6dNRfb-vdQNuBUyezoJp/view?usp=sharing Steps: 1. Login as account demo ...

AI score 6.2 · EPSS 0.00401
Exploits 1

OSV
added 2023/08/31 10:15 p.m. · 1 view

UBUNTU-CVE-2023-40186

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the gdi_CreateSurface function. This issue affects FreeRDP based clients only. FreeRDP proxies...

CVSS 9.8 · AI score 6.9 · EPSS 0.01147
Exploits 1 · References 5

CNNVD
added 2023/08/31 12:0 a.m. · 3 views

FreeRDP Input Validation Error Vulnerability

FreeRDP is an open source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. FreeRDP suffers from an input validation error vulnerability that stems from an out-of-bounds write vulnerability in the gdi_CreateSurface function...

CVSS 9.8 · AI score 7.6 · EPSS 0.01147
Exploits 1 · References 9

OSV
added 2023/08/28 8:15 p.m. · 2 views

CVE-2023-39578

A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field...

CVSS 4.8 · AI score 5.9 · EPSS 0.00379
Exploits 1 · References 2

ATTACKERKB
added 2023/08/28 8:15 p.m. · 5 views

CVE-2023-39578

A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field...

CVSS 4.8 · AI score 5.9 · EPSS 0.00379
Exploits 1 · References 3

NVD
added 2023/08/28 8:15 p.m. · 9 views

CVE-2023-39578

A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field...

CVSS 4.8 · AI score 5 · EPSS 0.00379
Exploits 1 · References 2

Positive Technologies
added 2023/08/28 12:0 a.m. · 4 views

PT-2023-4658 · Freerdp +8 · Freerdp +8

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.11.0; FreeRDP versions prior to 3.0.0-beta3. Description: The issue affects FreeRDP based clients only, due to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the gdi_CreateSurface function. This ma...

CVSS 9.8 · AI score 6.5 · EPSS 0.0375
Exploits 25 · References 312

ATTACKERKB
added 2023/08/20 6:15 p.m. · 5 views

CVE-2022-24989

TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. Shell metacharacters can be placed in raidtype because popen is used without any sanitization...

CVSS 9.8 · AI score 6.2 · EPSS 0.8405
Exploits 10 · References 7

CNNVD
added 2023/08/17 12:0 a.m. · 3 views

AcyMailing Joomla Component Access Control Error Vulnerability

AcyMailing Joomla Component is an email marketing component used in the Joomla content management system. An Access Control Error vulnerability exists in AcyMailing Joomla Component, which stems from the presence of incorrect access control that allows unauthorized users to create new mailing lis...

CVSS 4.3 · AI score 5.1 · EPSS 0.00334
Exploits 0 · References 4

OSV
added 2023/08/15 4:15 p.m. · 7 views

AZL-27926 CVE-2023-32006 affecting package nodejs18 for versions less than 18.17.1-2

The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note th...

CVSS 8.8 · AI score 6.9 · EPSS 0.01273
Exploits 0 · References 1

OSV
added 2023/08/14 5:15 p.m. · 4 views

CVE-2023-40354

An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08....

CVSS 6.5 · AI score 5.8 · EPSS 0.00268
Exploits 0 · References 1

SUSE CVE
added 2023/08/12 2:10 a.m. · 1 view

SUSE CVE-2023-39417

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

CVSS 6.3 · AI score 8.8 · EPSS 0.01572
Exploits 0 · References 16

OSV
added 2023/08/11 1:15 p.m. · 2 views

DEBIAN-CVE-2023-39417

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

CVSS 8.8 · AI score 8.1 · EPSS 0.01572
Exploits 0 · References 1

OSV
added 2023/08/11 1:15 p.m. · 7 views

AZL-27892 CVE-2023-39417 affecting package postgresql for versions less than 14.10-1

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

CVSS 8.8 · AI score 7.5 · EPSS 0.01572
Exploits 0 · References 1

OSV
added 2023/08/11 1:15 p.m. · 2 views

ALPINE-CVE-2023-39417

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

CVSS 8.8 · AI score 8.6 · EPSS 0.01572
Exploits 0 · References 1