170 matches found
Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server
Description: This update fixes the following issues: proxy-httpd-image: Version 5.0.8 Store Proxy FQDN in rhn.conf for auth token use bsc1230255 proxy-salt-broker-image: Version 5.0.8 Update for next release proxy-squid-image: Version 5.0.8 Update for next release proxy-ssh-image: Version 5.0.8...
SUSE-SU-2024:4009-1 Security update for SUSE Manager Server 5.0
This update fixes the following issues: server-attestation-image: - Version 5.0.6 Update for next release server-hub-xmlrpc-api-image: - Version 5.0.8 Update for next release server-image: - Version 5.0.9 Add HANA and cluster formulas to Server image bsc1230536 Use /etc/krb5.conf.d for all kerber...
CVE-2024-45060 Unauthenticated Cross-Site-Scripting (XSS) in sample file in PHPSpreadsheet
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. One of the sample scripts in PhpSpreadsheet is susceptible to a cross-site scripting XSS vulnerability due to improper handling of input where a number is expected leading to formula injection. The code in in...
CVE-2024-41804
CVE-2024-41804 affects Xibo CMS (DataSet Column Formulas API). An SQL injection vulnerability is exploitable by an authenticated user via the formula parameter, enabling access to/ modification of arbitrary data in the Xibo database. Remediation: upgrade to Xibo versions 3.3.12 or 4.0.14, which f...
PT-2024-29571 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions prior to 3.3.12 Xibo versions prior to 4.0.14 Description: A SQL injection issue was discovered in the API route responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to obtain and modify...
Moodle Security Breach
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from a stored cross-site scripting XSS vulnerability when editing another user's...
CVE-2024-28328
CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client name parameter which can be triggered and executed in a different user session upon exporting to CSV format...
CVE-2024-28328
The connected Red Hat/NVD/Other sources confirm a CSV Injection vulnerability in ASUS RT-N12+ (B1) routers. The flaw stems from insufficient input sanitization in the client name parameter, which, when exporting data to CSV, can allow an administrator to inject commands or formulas that may execu...
CVE-2023-48709 iTop vulnerable to potential formula injection in Excel/CSV export file
iTop is an IT service management platform. When exporting data from backoffice or portal in CSV or Excel files, users' inputs may include malicious formulas that may be imported into Excel. As Excel 2016 does not prevent Remote Code Execution by default, uninformed users may become victims. This...
CVE-2023-48709 iTop vulnerable to potential formula injection in Excel/CSV export file
iTop is an IT service management platform. When exporting data from backoffice or portal in CSV or Excel files, users' inputs may include malicious formulas that may be imported into Excel. As Excel 2016 does not prevent Remote Code Execution by default, uninformed users may become victims. This...
iTop 安全漏洞
iTop is a platform that provides all the resources needed to optimize iTop. A security vulnerability exists in iTop versions 2.7.9, 3.0.4, 3.1.1, and 3.2.0, which stems from the fact that when data is exported from the backend or portal in the form of a CSV or Excel file, the user's input may...
[SECURITY] Fedora 40 Update: libformula-1.1.3-43.fc40
LibFormula provides Excel-Style-Expressions. The implementation provided here is very generic and can be used in any application that needs to compute formulas...
CVE-2023-45597
A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “fileconfiguration” functionality of the web application concerning the function “exportfile” allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue...
Design/Logic Flaw
A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “fileconfiguration” functionality of the web application concerning the function “exportfile” allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue...
CVE-2023-45597
A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “fileconfiguration” functionality of the web application concerning the function “exportfile” allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue...
openSUSE: Security Advisory for salt (SUSE-SU-2023:3863-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for salt (SUSE-SU-2023:4387-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-XHVV-3JWW-C487 ActiveAdmin CSV Injection leading to sensitive information disclosure
Impact In ActiveAdmin versions prior to 3.2.0, maliciously crafted spreadsheet formulas could be uploaded as part of admin data that, when exported to a CSV file and the imported to a spreadsheet program like libreoffice, could lead to remote code execution and private data exfiltration. The...
libreoffice: Array index underflow in Calc formula parsing
A vulnerability was found in LibreOffice. Improper validation of the array index in the spreadsheet component of The Document Foundation in LibreOffice allows an attacker to craft a spreadsheet document that causes an array index underflow when loaded. In affected versions of LibreOffice, certain...
SUSE SLES15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2023:4390-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4390-1 advisory. Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack bsc1215157 Bugs fixed: - Fix optimizationorder opt to...