Lucene search
K

170 matches found

SUSE Linux
SUSE Linux
added 2024/11/18 1:21 p.m.4 views

Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server

Description: This update fixes the following issues: proxy-httpd-image: Version 5.0.8 Store Proxy FQDN in rhn.conf for auth token use bsc1230255 proxy-salt-broker-image: Version 5.0.8 Update for next release proxy-squid-image: Version 5.0.8 Update for next release proxy-ssh-image: Version 5.0.8...

9.8CVSS7.4AI score0.03948EPSS
Exploits6References28
OSV
OSV
added 2024/11/18 1:21 p.m.6 views

SUSE-SU-2024:4009-1 Security update for SUSE Manager Server 5.0

This update fixes the following issues: server-attestation-image: - Version 5.0.6 Update for next release server-hub-xmlrpc-api-image: - Version 5.0.8 Update for next release server-image: - Version 5.0.9 Add HANA and cluster formulas to Server image bsc1230536 Use /etc/krb5.conf.d for all kerber...

7.2AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/10/07 8:15 p.m.14 views

CVE-2024-45060 Unauthenticated Cross-Site-Scripting (XSS) in sample file in PHPSpreadsheet

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. One of the sample scripts in PhpSpreadsheet is susceptible to a cross-site scripting XSS vulnerability due to improper handling of input where a number is expected leading to formula injection. The code in in...

7.1CVSS6.4AI score0.00466EPSS
Exploits1References2
CVE
CVE
added 2024/07/30 3:51 p.m.81 views

CVE-2024-41804

CVE-2024-41804 affects Xibo CMS (DataSet Column Formulas API). An SQL injection vulnerability is exploitable by an authenticated user via the formula parameter, enabling access to/ modification of arbitrary data in the Xibo database. Remediation: upgrade to Xibo versions 3.3.12 or 4.0.14, which f...

6.5CVSS6.7AI score0.00435EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/30 12:0 a.m.5 views

PT-2024-29571 · Xibo · Xibo

Name of the Vulnerable Software and Affected Versions: Xibo versions prior to 3.3.12 Xibo versions prior to 4.0.14 Description: A SQL injection issue was discovered in the API route responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to obtain and modify...

6.5CVSS7.7AI score0.00435EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/05/31 12:0 a.m.4 views

Moodle Security Breach

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from a stored cross-site scripting XSS vulnerability when editing another user's...

6.1CVSS5.7AI score0.00374EPSS
Exploits0References2
NVD
NVD
added 2024/04/26 3:15 p.m.23 views

CVE-2024-28328

CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client name parameter which can be triggered and executed in a different user session upon exporting to CSV format...

5.4CVSS7AI score0.00424EPSS
Exploits0References3
CVE
CVE
added 2024/04/26 12:0 a.m.64 views

CVE-2024-28328

The connected Red Hat/NVD/Other sources confirm a CSV Injection vulnerability in ASUS RT-N12+ (B1) routers. The flaw stems from insufficient input sanitization in the client name parameter, which, when exporting data to CSV, can allow an administrator to inject commands or formulas that may execu...

5.4CVSS7.3AI score0.00424EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/15 5:43 p.m.18 views

CVE-2023-48709 iTop vulnerable to potential formula injection in Excel/CSV export file

iTop is an IT service management platform. When exporting data from backoffice or portal in CSV or Excel files, users' inputs may include malicious formulas that may be imported into Excel. As Excel 2016 does not prevent Remote Code Execution by default, uninformed users may become victims. This...

8CVSS8.3AI score0.00958EPSS
Exploits0References3
OSV
OSV
added 2024/04/15 5:43 p.m.26 views

CVE-2023-48709 iTop vulnerable to potential formula injection in Excel/CSV export file

iTop is an IT service management platform. When exporting data from backoffice or portal in CSV or Excel files, users' inputs may include malicious formulas that may be imported into Excel. As Excel 2016 does not prevent Remote Code Execution by default, uninformed users may become victims. This...

8CVSS7.8AI score0.00958EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.7 views

iTop 安全漏洞

iTop is a platform that provides all the resources needed to optimize iTop. A security vulnerability exists in iTop versions 2.7.9, 3.0.4, 3.1.1, and 3.2.0, which stems from the fact that when data is exported from the backend or portal in the form of a CSV or Excel file, the user's input may...

8CVSS7.8AI score0.00958EPSS
Exploits0References4
Fedora
Fedora
added 2024/03/07 10:33 p.m.24 views

[SECURITY] Fedora 40 Update: libformula-1.1.3-43.fc40

LibFormula provides Excel-Style-Expressions. The implementation provided here is very generic and can be used in any application that needs to compute formulas...

8.8CVSS6.7AI score0.02557EPSS
Exploits3
NVD
NVD
added 2024/03/05 12:15 p.m.13 views

CVE-2023-45597

A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “fileconfiguration” functionality of the web application concerning the function “exportfile” allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue...

9CVSS5.5AI score0.00446EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 12:15 p.m.14 views

Design/Logic Flaw

A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “fileconfiguration” functionality of the web application concerning the function “exportfile” allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue...

5.4CVSS6.9AI score0.00446EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/05 11:32 a.m.14 views

CVE-2023-45597

A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “fileconfiguration” functionality of the web application concerning the function “exportfile” allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue...

5.9CVSS6.7AI score0.00446EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.15 views

openSUSE: Security Advisory for salt (SUSE-SU-2023:3863-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS5.9AI score0.01033EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.14 views

openSUSE: Security Advisory for salt (SUSE-SU-2023:4387-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.7CVSS6.9AI score0.00187EPSS
Exploits0References2
OSV
OSV
added 2023/12/28 6:45 p.m.24 views

GHSA-XHVV-3JWW-C487 ActiveAdmin CSV Injection leading to sensitive information disclosure

Impact In ActiveAdmin versions prior to 3.2.0, maliciously crafted spreadsheet formulas could be uploaded as part of admin data that, when exported to a CSV file and the imported to a spreadsheet program like libreoffice, could lead to remote code execution and private data exfiltration. The...

5.2CVSS9.7AI score0.0095EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/11/14 3:53 p.m.34 views

libreoffice: Array index underflow in Calc formula parsing

A vulnerability was found in LibreOffice. Improper validation of the array index in the spreadsheet component of The Document Foundation in LibreOffice allows an attacker to craft a spreadsheet document that causes an array index underflow when loaded. In affected versions of LibreOffice, certain...

7.8CVSS5.9AI score0.003EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/11/10 12:0 a.m.19 views

SUSE SLES15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2023:4390-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4390-1 advisory. Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack bsc1215157 Bugs fixed: - Fix optimizationorder opt to...

6.7CVSS7.3AI score0.00187EPSS
Exploits0References7
Rows per page
Query Builder