8749 matches found

OSV, added 2023/10/30 6:29 p.m., 25 views

CVE-2023-43649 baserCMS CSRF vulnerability in Content preview Feature

baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue...

CVSS 4.7 | AI score 7.1 | EPSS 0.00347
Exploits 0 | References 5
CVE, added 2023/10/30 6:29 p.m., 65 views

CVE-2023-43649

CVE-2023-43649 affects baserCMS prior to version 4.8.0, where the content preview feature is vulnerable to CSRF due to inadequate verification of the request source. The underlying issue allows a forged request to perform a sensitive operation on behalf of an authenticated user. Documented impact...

CVSS 9.8 | AI score 6.8 | EPSS 0.00347
Exploits 0 | References 3 | Affected Software 1
CVE, added 2023/10/30 6:18 p.m., 68 views

CVE-2023-43647

baserCMS prior to 4.8.0 contains a reflected XSS in the file upload feature (CVE-2023-43647); affected versions include 4.7.8 and earlier per multiple sources. A fix is released in baserCMS 4.8.0.

CVSS 6.1 | AI score 5.6 | EPSS 0.00509
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC, added 2023/10/30 12:00 a.m., 4 views

The vulnerability of the software development environment of Totally Integrated Automation Portal (Portal TIA) relates to the possibility of bypassing the path, allowing an intruder to execute arbitrary code.

The vulnerability of the Totally Integrated Automation Portal (Portal TIA) software development environment relates to the possibility of bypassing the access path. Exploiting this vulnerability allows an attacker to execute arbitrary code, provided that the user opens a specially crafted...

CVSS 7.3 | AI score 7.5 | EPSS 0.00249
Exploits 0 | References 2 | Affected Software 1
NVD, added 2023/10/27 8:15 p.m., 44 views

CVE-2023-29009

baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is an XSS vulnerability in the Favorites feature of baserCMS. This issue has been patched in version 4.8.0...

CVSS 6.1 | AI score 6 | EPSS 0.0047
Exploits 0 | References 3
NVD, added 2023/10/27 8:15 p.m., 18 views

CVE-2023-5828

A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the...

CVSS 9.8 | AI score 8.1 | EPSS 0.00711
Exploits 1 | References 3
Prion, added 2023/10/27 8:15 p.m., 27 views

SQL injection

A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the...

CVSS 7.5 | AI score 9.7 | EPSS 0.00711
Exploits 1 | References 3 | Affected Software 1
Prion, added 2023/10/27 8:15 p.m., 14 views

Design/Logic Flaw

baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is an XSS vulnerability in the Favorites feature of baserCMS. This issue has been patched in version 4.8.0...

CVSS 5.8 | AI score 6.1 | EPSS 0.0047
Exploits 0 | References 3
Vulnrichment, added 2023/10/27 7:31 p.m., 18 views

CVE-2023-5828 Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System login.aspx sql injection

A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the...

CVSS 7.5 | AI score 7.4 | EPSS 0.00711
Exploits 1 | References 3
CVE, added 2023/10/27 7:31 p.m., 56 views

CVE-2023-5828

Vulnerability (CVE-2023-5828) in the Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System (versions up to 20231026) arises from an SQL injection in the file login.aspx, via the tbxUserName parameter. Root cause: unsafe handling/concatenation ...

CVSS 9.8 | AI score 8.1 | EPSS 0.00711
Exploits 1 | References 3 | Affected Software 1
Cvelist, added 2023/10/27 7:31 p.m., 26 views

CVE-2023-5828 Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System login.aspx sql injection

A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the...

CVSS 7.5 | AI score 10 | EPSS 0.00711
Exploits 1 | References 3
OSV, added 2023/10/27 7:30 p.m., 31 views

CVE-2023-29009 basercms XSS Vulnerability via Favorites Feature

baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is an XSS vulnerability in the Favorites feature of baserCMS. This issue has been patched in version 4.8.0...

CVSS 6.1 | AI score 5.5 | EPSS 0.0047
Exploits 0 | References 5
OSV, added 2023/10/26 2:15 p.m., 5 views

CVE-2023-41096

Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM SecureVault High modules allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier...

CVSS 6.1 | AI score 5.8 | EPSS 0.00107
Exploits 0 | References 1
FreeBSD, added 2023/10/26 12:00 a.m., 21 views

openexr -- Heap Overflow in Scanline Deep Data Parsing

Austin Hackers Anonymous report: Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. ... it is...

CVSS 9.1 | AI score 7.8 | EPSS 0.01258
Exploits 1 | References 2
BDU FSTEC, added 2023/10/25 12:00 a.m., 7 views

The vulnerability of the Compiler component of the Oracle GraalVM for JDK allows a hacker to gain access to read, modify, add, or delete data.

The vulnerability of the Compiler component of the Oracle GraalVM for JDK lies in insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to gain access to read, modify, add, or delete data...

CVSS 4.8 | AI score 5.5 | EPSS 0.00365
Exploits 0 | References 3 | Affected Software 1
The Coalfire Blog, added 2023/10/24 8:54 p.m., 12 views

Maximizing the value of threat modeling

Explore four practices that maximize the value of threat models throughout the entire development lifecycle...

AI score 7.1
Exploits 0
OSV, added 2023/10/24 6:36 p.m., 42 views

RLSA-2023:5742 Moderate: java-11-openjdk security and bug fix update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: certificate path validation issue during client authentication (8309966, CVE-2023-22081). For more details about the security issues, including the...

CVSS 5.3 | AI score 6.4 | EPSS 0.014
Exploits 0 | References 3
OpenVAS, added 2023/10/24 12:00 a.m., 23 views

SUSE: Security Advisory (SUSE-SU-2023:4162-1)

The remote host is missing an update referenced by the SUSE-SU-2023:4162-1 advisory...

CVSS 4.8 | AI score 5.6 | EPSS 0.00666
Exploits 1 | References 4
OSV, added 2023/10/23 1:33 p.m., 11 views

SUSE-SU-2023:4162-1 Security update for gcc13

This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same-named GCC 12 ones. The new compilers for C, C++, and Fortran are provided...

CVSS 4.8 | AI score 5.4 | EPSS 0.00666
Exploits 1 | References 10
Fedora, added 2023/10/23 1:25 a.m., 38 views

[SECURITY] Fedora 37 Update: python-django-4.1.12-1.fc37

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 7.5 | AI score 7 | EPSS 0.02669
Exploits 0