1925 matches found

Vulnrichment
added 2023/07/13 2:11 a.m. · 10 views

CVE-2023-2620 Insertion of Sensitive Information Into Sent Data in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...

CVSS 5.5 · AI score 6.3 · EPSS 0.00462
Exploits 0 · References 2

Positive Technologies
added 2023/07/13 12:0 a.m. · 5 views

PT-2023-8134 · Microsoft · Office Word +8

Name of the Vulnerable Software and Affected Versions: Microsoft Office versions prior to the January 9, 2024 security update; Office 2019; Office 2021; Office LTSC for Mac 2021; Microsoft 365. Description: A security issue exists in FBX that could lead to remote code execution. The vulnerability is...

CVSS 7.8 · AI score 9.7 · EPSS 0.0326
Exploits 0 · References 16

CVE
added 2023/06/26 7:50 p.m. · 50 views

CVE-2023-33176

BigBlueButton (BBB) SSRF vulnerability (CVE-2023-33176) enables server-side request forgery via the insertDocument URL for presentation downloads. The public descriptions describe that the URL supplied could be used without proper validation, leading to SSRF. A patch updated PresentationUrlDownlo...

CVSS 6.5 · AI score 5.2 · EPSS 0.00388
Exploits 0 · References 5 · Affected Software 1

BDU FSTEC
added 2023/06/20 12:0 a.m. · 4 views

The vulnerability of the HandleFileArg function in the XML data compression tool Xmill allows an attacker to execute arbitrary code.

The vulnerability of the HandleFileArg function in the XML data compression tool Xmill relates to the insertion or modification of arguments. Exploiting this vulnerability could allow a local attacker to execute arbitrary code...

CVSS 7.8 · AI score 7.5 · EPSS 0.00344
Exploits 1 · References 6 · Affected Software 2

Prion
added 2023/06/19 11:15 a.m. · 13 views

Input validation

The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted into it being reflected on the user dashboard...

CVSS 5.8 · AI score 6.3 · EPSS 0.00499
Exploits 2 · References 1 · Affected Software 1

Prion
added 2023/06/16 4:15 a.m. · 25 views

Privilege escalation

Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the...

CVSS 4.9 · AI score 5.9 · EPSS 0.00804
Exploits 2 · References 3 · Affected Software 1

Cvelist
added 2023/06/16 12:0 a.m. · 27 views

CVE-2023-34845

Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the...

AI score 6.1 · EPSS 0.00804
Exploits 2 · References 3

NVD
added 2023/06/13 9:15 a.m. · 19 views

CVE-2023-26207

An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10, 7.2.0 through 7.2.1 allows an attacker to read certain passwords in plain text...

CVSS 6.5 · AI score 5.1 · EPSS 0.005
Exploits 0 · References 1

Vulnrichment
added 2023/06/13 8:41 a.m. · 8 views

CVE-2023-26207

An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10, 7.2.0 through 7.2.1 allows an attacker to read certain passwords in plain text...

CVSS 3.3 · AI score 6.3 · EPSS 0.005
Exploits 0 · References 1

IBM Security Bulletins
added 2023/06/06 5:1 a.m. · 39 views

Security Bulletin: [All] Spring Framework - CVE-2021-22096 (Publicly disclosed vulnerability)

Summary: In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This affects ITNCM version 6.4.2. Vulnerability Details: CVEID: CVE-2021-22096 DESCRIPTION:...

CVSS 4.3 · AI score 4.8 · EPSS 0.01268
Exploits 0 · Affected Software 1

ATTACKERKB
added 2023/06/02 4:15 a.m. · 0 views

CVE-2023-29725

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting...

CVSS 5.5 · AI score 6.1 · EPSS 0.00366
Exploits 1 · References 5

Cvelist
added 2023/06/02 12:0 a.m. · 17 views

CVE-2023-29725

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting...

AI score 5.5 · EPSS 0.00366
Exploits 1 · References 4

Vulnrichment
added 2023/06/02 12:0 a.m. · 10 views

CVE-2023-29725

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting...

AI score 5.3 · EPSS 0.00366
Exploits 1 · References 4

Cvelist
added 2023/06/01 12:0 a.m. · 18 views

CVE-2023-29723

The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opene...

AI score 7.3 · EPSS 0.00845
Exploits 1 · References 1

NVD
added 2023/05/31 1:15 p.m. · 24 views

CVE-2023-33486

TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter...

CVSS 9.8 · AI score 9.8 · EPSS 0.01409
Exploits 1 · References 1

NVD
added 2023/05/31 1:15 p.m. · 27 views

CVE-2023-33487

TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setDiagnosisCfg. This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter...

CVSS 9.8 · AI score 9.8 · EPSS 0.01409
Exploits 1 · References 1

Prion
added 2023/05/31 1:15 p.m. · 19 views

Command injection

TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setDiagnosisCfg. This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter...

CVSS 7.5 · AI score 9.7 · EPSS 0.01409
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2023/05/31 12:0 a.m. · 26 views

CVE-2023-33486

TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter...

AI score 9.9 · EPSS 0.01409
Exploits 1 · References 1

Vulnrichment
added 2023/05/31 12:0 a.m. · 13 views

CVE-2023-33487

TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setDiagnosisCfg. This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter...

AI score 8 · EPSS 0.01409
Exploits 1 · References 1

CVE
added 2023/05/31 12:0 a.m. · 77 views

CVE-2023-33486

CVE-2023-33486 affects TOTOLINK X5000R firmware versions V9.1.0u.6118_B20201102 through V9.1.0u.6369_B20230113. The root cause is a command injection in setOpModeCfg that permits executing arbitrary commands via the hostName parameter. Documents do not provide exploit details or a confirmed patch...

CVSS 9.8 · AI score 9.7 · EPSS 0.01409
Exploits 1 · References 1 · Affected Software 1