4444 matches found
PT-2023-22984 · Plane · Plane
Name of the Vulnerable Software and Affected Versions: Plane version 0.7.1-dev. Description: The issue allows an attacker to change the avatar of their profile, enabling the upload of files with HTML extension that can interpret both HTML and JavaScript. Recommendations: For Plane version 0.7.1-de...
Plane Code Issue Vulnerability
Plane is an open source, self-hosted project planning tool from Plane Open Source. A security vulnerability exists in Plane version 0.7.1-dev, which stems from a vulnerability that allows an attacker to change the avatar of their profile, thereby allowing the upload of files with HTML extensions...
MAL-2023-97 Malicious code in anjelo-dev (npm)
Source: ghsa-malware 30de88230ce0ff3f6fe0eedbd58411d187242209563a96498e787b4f79dfc7f7. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in anjelo-dev (npm)
Source: ghsa-malware 30de88230ce0ff3f6fe0eedbd58411d187242209563a96498e787b4f79dfc7f7. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Ubuntu 16.04 ESM : PostgreSQL vulnerability (USN-6230-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6230-1 advisory. Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrar...
CVE-2023-37766
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so...
CVE-2023-37174
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c...
UBUNTU-CVE-2023-37174
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c...
GPAC Security Vulnerability
GPAC is an open source multimedia framework. A security vulnerability exists in the GPAC v2.3-DEV-rev381-g817a848f6-master version, which stems from a memory segment error in the dump_isom_scene method of the /mp4box/filedump.c file...
Stylelint has vulnerability in semver dependency
Summary: Our meow dependency which we use for our CLI depended on [email protected]. A vulnerability in this version of semver was recently identified and surfaced by npm audit: Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw Details: Original post by the...
CVE-2023-33664
ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...
Sql injection
ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...
CVE-2023-33664
ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...
ai-dev aicombinationsonfly SQL Injection Vulnerability
ai-dev aicombinationsonfly is an application from ai-dev. A security vulnerability exists in ai-dev aicombinationsonfly versions prior to v0.3.1, which stems from the component /includes/ajax.php containing an SQL injection vulnerability...
CVE-2023-33664
ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...
Debian DSA-5444-1 : gst-plugins-bad1.0 - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5444 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. The...
Critical: Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update
A minor version update from 7.11 to 7.12 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring...
CVE-2023-3423
CVE-2023-3423 affects CloudExplorer Lite prior to version 1.2.0. The root cause described across sources is weak/absent password validation on the backend, which can allow weak passwords or guessing attempts to compromise accounts. Public references (NVD, Red Hat, OSV, etc.) consistently cite wea...
Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities
Summary: IBM has addressed multiple vulnerabilities in IBM Spectrum Discover. Webpack loader-utils CVE-2022-37601 is vulnerable to execute arbitrary code on the system caused by a pollution flaw in parseQuery function. OpenStack Keystone CVE-2021-3563 is vulnerable to bypass security restriction...
Arbitrary File Read
vite is vulnerable to Arbitrary File Read. The vulnerability exists due to improper file path sanitization, allowing an attacker to access files from the root path. Note this vulnerability is only applicable if the vite dev server is hosted on the network...