GHSA-9436-3GMP-4F53 grav Server-side Template Injection (SSTI) mitigation bypass

Summary The fix for SSTI using |map, |filter and |reduce twigs implemented in the commit 71bbed1 introduces bypass of the denylist due to incorrect return value from isDangerousFunction, which allows to execute the payload prepending double backslash \ Details The isDangerousFunction check in...

CVE-2023-32635

XBRL data create application version 7.0 and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker...

Xxe

XBRL data create application version 7.0 and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker...

CVE-2023-32635

CVE-2023-32635 affects the XBRL data create application (7.0 and earlier). The root cause is improper restriction of XML External Entity (XXE) references, enabling a specially crafted XBRL file to cause the system to read arbitrary files. The issue is documented across multiple sources (e.g., JVN...

CVE-2023-32635

XBRL data create application version 7.0 and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker...

SUSE CVE-2023-38426

An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2findcontextvals when createcontext's namelen is larger than the tag length...

DEBIAN-CVE-2023-38426

An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2findcontextvals when createcontext's namelen is larger than the tag length...

UBUNTU-CVE-2023-38426

An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2findcontextvals when createcontext's namelen is larger than the tag length...

PT-2023-3635 · Oracle · Oracle Database Server

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19.3 through 19.19 Oracle Database Server versions 21.3 through 21.10 Description: The issue is related to insufficient input validation in the Java VM component of Oracle Database Server. It allows a...

CVE-2023-37461

Metersphere is an opensource testing framework. Files uploaded to Metersphere may define a belongType value with a relative path like ../../../../ which may cause metersphere to attempt to overwrite an existing file in the defined location or to create a new file. Attackers would be limited to...

CVE-2023-3584 Member can create team with team override scheme

Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme...

OmniSharp csharp-language-server-protocol 资源管理错误漏洞

OmniSharp csharp-language-server-protocol is the C language server protocol for OmniSharp. A resource management error vulnerability exists in OmniSharp csharp-language-server-protocol prior to version 0.19.7, which stems from the file src/JsonRpc/Serialization/SerializerBase.cs where the The...

_deployCreate()/_deployCreate2() will not work on ZKSync Era

Lines of code Vulnerability details Bug Description In the contest's Scoping Details, the sponsor states that Universal Profiles might eventually be deployed across multiple chains: Is it multi-chain? LUKSO itself is not a multi-chain. The lsp-smart-contracts are initially intended to be used on...

USN-6230-1: PostgreSQL vulnerability

Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor...

USN-6230-1 postgresql-9.5 vulnerability

Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor...

CVE-2020-36756

The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. This is due to missing or incorrect nonce validation on the createcsvfile function. This makes it possible for unauthenticated attackers to create a CSV file via a forged...

WordPress Plugin 10WebAnalytics 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVE-2023-37189

A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...

CVE-2023-37189

A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...

CVE-2023-37189

A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...