
1001 matches found

Cvelist
added 2024/01/08 9:04 a.m. · 24 views

CVE-2023-41710

User-defined script code could be stored for an upsell-related shop URL. This code was not correctly sanitized when adding it to the DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this...

CVSS 5.4 · AI score 5.8 · EPSS 0.00436
Exploits 0 · References 2
CVE
added 2024/01/08 9:04 a.m. · 42 views

CVE-2023-41710

Open-Xchange App Suite CVE-2023-41710 concerns a cross-site scripting (XSS) vulnerability where user-defined script code was not properly sanitized when added to the DOM, potentially allowing attackers to entice users to execute code within a trusted domain. Affected product references include Op...

CVSS 5.4 · AI score 5.5 · EPSS 0.00436
Exploits 0 · References 3 · Affected Software 1
Github Security Blog
added 2024/01/04 9:54 p.m. · 70 views

view_component Cross-site Scripting vulnerability

Impact What kind of vulnerability is it? Who is impacted? This is an XSS vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a call method, i.e. instead of using a sidecar template...

CVSS 6.1 · AI score 5.8 · EPSS 0.00495
Exploits 1 · References 8 · Affected Software 1
OSV
added 2024/01/04 9:54 p.m. · 15 views

GHSA-WF2X-8W6J-QW37 view_component Cross-site Scripting vulnerability

Impact What kind of vulnerability is it? Who is impacted? This is an XSS vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a call method, i.e. instead of using a sidecar template...

CVSS 6.1 · AI score 5.9 · EPSS 0.00495
Exploits 1 · References 8
RubySec
added 2024/01/04 12:00 a.m. · 16 views

view_component Cross-site Scripting vulnerability

Impact What kind of vulnerability is it? Who is impacted? This is an XSS vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a call method, i.e. instead of using a sidecar template...

CVSS 6.1 · AI score 6 · EPSS 0.00495
Exploits 1 · References 1 · Affected Software 1
RedHat Linux
added 2023/12/14 6:09 a.m. · 36 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.10 Bug Fix Update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.10 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation...

CVSS 7.5 · AI score 6.4 · EPSS 0.01666
Exploits 1 · References 5
RedHat Linux
added 2023/12/12 1:59 p.m. · 23 views

Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 6.1 security, enhancements, and bug fix update

An update is now available for Red Hat Ceph Storage 6.1 in the Red Hat Ecosystem Catalog. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support...

CVSS 7.5 · AI score 6.7 · EPSS 0.01027
Exploits 1 · References 28
RedHat Linux
added 2023/12/12 1:55 p.m. · 54 views

Important: Red Hat Security Advisory: Red Hat Ceph Storage 6.1 security, enhancements, and bug fix update

An updated container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilitie...

CVSS 7.5 · AI score 7.2 · EPSS 0.99999
Exploits 22 · References 9
Code423n4
added 2023/12/08 12:00 a.m. · 14 views

Slippage Handling

Lines of code Vulnerability details Impact The primitiveOutputAmount function reverts the transaction if the output amount is less than the minimumOutputAmount, which is a strict slippage protection. This could lead to failed transactions due to normal price fluctuations in the Curve pool. Proof ...

AI score 7.1
Exploits 0
VulnCheck KEV
added 2023/12/05 12:00 a.m. · 3 views

VulnCheck KEV: CVE-2019-12986

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation issue 2 of 6...

CVSS 10 · AI score 7.3 · EPSS 0.39544
Exploits 1 · References 1
Positive Technologies
added 2023/11/30 12:00 a.m. · 6 views

PT-2023-31274 · Unknown · Dolphinscheduler

Name of the Vulnerable Software and Affected Versions: DolphinScheduler versions prior to 3.1.0. Description: The issue allows authenticated users to delete UDF functions in the resource center without authorization, which is related to an unauthorized access vulnerability, also known as Insecure...

CVSS 6.5 · AI score 6.2 · EPSS 0.01132
Exploits 0 · References 11
CNNVD
added 2023/11/30 12:00 a.m. · 5 views

Apache DolphinScheduler Security Vulnerability

Apache DolphinScheduler is a modern data scheduling platform from the Apache USA Foundation. A security vulnerability exists in Apache DolphinScheduler versions prior to 3.1.0, which stems from a logged-in user being able to delete UDF functions in the resource center without authorization...

CVSS 6.5 · AI score 6.7 · EPSS 0.01132
Exploits 0 · References 3
IBM Security Bulletins
added 2023/11/16 10:16 a.m. · 45 views

Security Bulletin: A vulnerability in Certifi package may affect IBM Storage Scale (CVE-2023-37920)

Summary A vulnerability in the Certifi package may affect the IBM Storage Scale call home feature. Vulnerability Details CVEID: CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of the e-Tugra root certificate in Certifi has an unknown impact and attack vector. CVSS Base score: 7.5 CVSS...

CVSS 9.8 · AI score 7.8 · EPSS 0.00472
Exploits 0 · Affected Software 1
RedHat Linux
added 2023/11/14 5:00 p.m. · 2 views

nodejs: permission model improperly protects against path traversal

A previously disclosed vulnerability, CVE-2023-30584, was patched insufficiently. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations...

CVSS 7.7 · AI score 7.2 · EPSS 0.01325
Exploits 0 · References 4
Prion
added 2023/11/06 8:15 p.m. · 20 views

Design/Logic Flaw

The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating...

CVSS 7.5 · AI score 7.2 · EPSS 0.0051
Exploits 0 · References 2 · Affected Software 1
Schneier on Security
added 2023/11/06 2:45 p.m. · 31 views

Crashing iPhones with a Flipper Zero

The Flipper Zero is an incredibly versatile hacking device. Now it can be used to crash iPhones in its vicinity by sending them a never-ending stream of pop-ups. These types of hacks have been possible for decades, but they require special equipment and a fair amount of expertise. The capabilitie...

AI score 7.4
Exploits 0
Cvelist
added 2023/10/26 4:21 p.m. · 20 views

CVE-2023-41966 Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions

The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending an HTTP POST to set a parameter...

CVSS 6.5 · AI score 9 · EPSS 0.00596
Exploits 2 · References 2
ICS
added 2023/10/26 6:00 a.m. · 70 views

Sielco Radio Link and Analog FM Transmitters

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available. Vendor: Sielco. Equipment: Analog FM Transmitters and Radio Link. Vulnerabilities: Improper Access Control, Cross-Site Request Forgery, Privilege Defined with Unsafe...

CVSS 9.8 · AI score 9 · EPSS 0.00787
Exploits 4 · References 10
BDU FSTEC
added 2023/10/25 12:00 a.m. · 3 views

Vulnerability of the Server component: The UDF component of the Oracle MySQL Server database management system, which allows attackers to perform DoS attacks.

The vulnerability in the UDF component of the Oracle MySQL Server database management system is related to improper resource cleanup. Exploiting this vulnerability can allow a malicious actor to carry out a DoS (denial-of-service) attack...

CVSS 6.1 · AI score 6 · EPSS 0.00938
Exploits 0 · References 4 · Affected Software 1
NVD
added 2023/10/18 4:15 a.m. · 21 views

CVE-2023-39331

A previously disclosed vulnerability, CVE-2023-30584, was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please...

CVSS 7.7 · AI score 8.5 · EPSS 0.01325
Exploits 0 · References 3