CVE-2023-39331

A previously disclosed vulnerability CVE-2023-30584 was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please...

AZL-31584 CVE-2023-22111 affecting package mysql for versions less than 8.0.34-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: UDF. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

SUSE CVE-2023-39331

A previously disclosed vulnerability CVE-2023-30584 was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please...

PT-2023-6419 · Node.Js +4 · Node.Js +4

Name of the Vulnerable Software and Affected Versions: Node.js affected versions not specified Description: The issue arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations, leading to a path...

The vulnerability in the web interface of the Cisco Catalyst SD-WAN Manager (formerly Cisco SD-WAN vManage) allows a attacker to perform cross-site scripting attacks.

The vulnerability in the web interface of the Cisco Catalyst SD-WAN Manager formerly Cisco SD-WAN vManage relates to the lack of protection for the web page structure during the processing of element fields. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting...

SUSE: Security Advisory (SUSE-SU-2023:3825-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Cisco Catalyst 安全漏洞

Cisco Catalyst SD-WAN Manager is an SD-WAN network management program from Cisco USA. A security vulnerability exists in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature, which can be exploited by a remote attacker to submit a special request for unauthorize...

CVE-2023-40019 FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending...

CVE-2023-40018

CVE-2023-40018 concerns FreeSWITCH prior to 1.10.10, where remote attackers can trigger an out-of-bounds write by offering an ICE candidate with an unknown component ID. When an SDP is offered with such ICE candidates, FreeSWITCH may write past array bounds, potentially corrupting memory and caus...

PCI v4 is coming. Are you ready?

If you’ve landed here the chances are you are considering PCI compliance. At present the scheme is running against v3.2.1. In March 2022, the PCI Council released the long-anticipated v4.0. The Council stated that the changes represent their determination to “continue to meet the security needs o...

CVE-2023-41167

@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the...

CVE-2023-41167

@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the...

CVE-2023-37435

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...

CVE-2023-37426

EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host...

Aruba Networks EdgeConnect SD-WAN Orchestrator 跨站脚本漏洞

Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in the Aruba Networks EdgeConnect SD-WAN Orchestrator that stems from a stored cross-site scripting vulnerability in the web-based management interface...

Aruba Networks EdgeConnect SD-WAN Orchestrator SQL注入漏洞

Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in the Aruba Networks EdgeConnect SD-WAN Orchestrator that stems from an SQL injection vulnerability in the web-based management interface...

Aruba Networks EdgeConnect SD-WAN Orchestrator 路径遍历漏洞

Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in Aruba Networks EdgeConnect SD-WAN Orchestrator that stems from a flaw in the web-based management interface that allows an authenticated remote user to run arbitrary...

CVE-2023-28483

An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...

CVE-2023-28480

An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions UDFs from C/C++ code. To support this functionality TigerGraph allows users to upload custom C/C++ code which is then compiled and installed into the platform. An...

CVE-2023-28483

An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...