20 matches found
EUVD-2023-27012
Malicious code in bioql PyPI...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the cookie date formatting process. An attacker can access sensitive memory contents by sending specially crafted cookie headers. Remediation There is no fixed version for libsoup. References - Gitlab Issue - Red...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
🤝 Show your support - give a ⭐️ if you liked the content | SHARE on Twitter | Follow me on --- 🐱💻 ✂️ 🤬 LOG4J Java exploit - WAF and patches bypass tricks 📝 Description CVE-2021-44228 works on: log4j: 2.0 Upper Lookup The UpperLookup converts the passed in argument to upper case. Presumably the...
CVE-2023-22910
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...
BIT-MEDIAWIKI-2023-22910
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...
CVE-2023-22910
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...
CVE-2023-22910
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...
Code injection
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...
CVE-2023-22910
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...
CVE-2023-22910
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...
PT-2023-18770 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.9 MediaWiki versions 1.36.x through 1.38.x before 1.38.5 MediaWiki versions 1.39.x before 1.39.1 Description: An issue was discovered in MediaWiki that allows JavaScript execution by staff/admin users who do n...
ALSA-2021:4201 Moderate: babel security and bug fix update
Babel provides tools to build and work with gettext message catalogs, and a Python interface to the CLDR Common Locale Data Repository, providing access to various locale display names, localized number and date formatting, etc. Security Fixes: python-babel: Relative path traversal allows attacke...
[SECURITY] Fedora 34 Update: babel-2.9.1-1.fc34
Babel is composed of two major parts: tools to build and work with gettext message catalogs a Python interface to the CLDR Common Locale Data Repository, providing access to various locale display names, localized number and date formatting, etc...
CVE-2019-19551
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are no...
Cross site scripting
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are no...
CVE-2019-19551
The CVE-2019-19551 entry describes an XSS vulnerability in Sangoma FreePBX’s Userman, affecting versions 13.0.76.43 through 15.0.20. The issue arises from insufficient sanitization of time/date formatting and time-zone fields in the User Management screen. An attacker with access to the User Cont...
December 5, 2018—KB4469041 Preview of cumulative update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server 2019
December 5, 2018—KB4469041 Preview of cumulative update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server 2019 Release Date: 12/05/2018Version: .NET Framework 3.5 and 4.7.2 Improvements and fixes This update includes quality improvements. No new operating system...
Description of the Security and Quality Rollup for .NET Framework 3.5.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4459934)
Description of the Security and Quality Rollup for .NET Framework 3.5.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 KB 4459934 Applies to: Microsoft .NET Framework 3.5.1 Notice This update is included in the Preview of Quality Rollup that's dated November 27, 2018. This update was previously...
Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2012 (KB 4459944)
Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2012 KB 4459944 Applies to: Microsoft .NET Framework 4.5.2 Notice This update is included in the Preview of Quality Rollup that's dated November 27, 2018. This update was previously released as part of the...
SUSE-SU-2018:0552-1 Security update for SUSE Manager Server 3.1
This update fixes the following issues: nutch: - Fix hadoop log dir. bsc1061574 osad, rhnlib: - Fix update mechanism when updating the updateservice bsc1073619 pxe-default-image: - Spectre and Meltdown mitigation. CVE-2017-5753, CVE-2017-5715, CVE-2017-5754, bsc1068032 spacecmd: - Support multipl...