13 matches found
EUVD-2023-36345
Malicious code in bioql PyPI...
EUVD-2023-35458
Malicious code in bioql PyPI...
CVE-2023-31139
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.37 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, Personal Access Tokens PATs generate unrestricted session cookies. This may lead to a bypass of other access...
CVE-2023-32060
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to specific tracker...
CVE-2023-32060
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to specific tracker...
Sql injection
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.37 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, Personal Access Tokens PATs generate unrestricted session cookies. This may lead to a bypass of other access...
CVE-2023-32060 DHIS2 Core Improper Access Control with Category Option Combination sharing in /api/trackedEntityInstance and /api/events
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to specific tracker...
CVE-2023-31139 DHIS2 Core unrestricted session cookies with Personal Access Tokens
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.37 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, Personal Access Tokens PATs generate unrestricted session cookies. This may lead to a bypass of other access...
CVE-2023-31139 DHIS2 Core unrestricted session cookies with Personal Access Tokens
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.37 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, Personal Access Tokens PATs generate unrestricted session cookies. This may lead to a bypass of other access...
CVE-2023-31138 DHIS2 Core vulnerable to Improper Access Control with PATCH requests
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an obje...
CVE-2023-31138 DHIS2 Core vulnerable to Improper Access Control with PATCH requests
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an obje...
PT-2023-23172 · Unknown · Dhis2 Core
Name of the Vulnerable Software and Affected Versions: DHIS2 Core versions prior to 2.37.9.1 DHIS2 Core versions prior to 2.38.3.1 DHIS2 Core versions prior to 2.39.1.2 Description: DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in th...
PT-2023-23574 · Unknown · Android Capture App +1
Name of the Vulnerable Software and Affected Versions: DHIS2 Core versions 2.35 through 2.36.12 DHIS2 Core versions 2.37 through 2.37.7 DHIS2 Core versions 2.38 through 2.38.1 DHIS2 Core versions 2.39 through 2.39.0 exclusive of 2.39.0, as 2.39.0 contains a fix Description: The issue arises when...