87 matches found

Cvelist
added 2023/12/15 10:15 a.m. · 13 views

CVE-2023-48603 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4 CVSS · 5.2 AI score · 0.00597 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2023/12/10 12:0 a.m. · 3 views

PT-2023-31567 · Caddy · Caddy-Geo-Ip

Name of the Vulnerable Software and Affected Versions: caddy-geo-ip versions 0.6.0 and earlier for Caddy 2
Description: The issue allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism, such as the trusted proxy directive in revers...

6.5 CVSS · 6.2 AI score · 0.00655 EPSS
Exploits: 0 · References: 12

OSV
added 2023/07/11 6:44 p.m. · 14 views

GO-2023-1857 Panic when parsing ranges with invalid masks in github.com/malfunkt/iprange

Parsing a range with a mask larger than 32 bits causes a panic...

7.1 AI score
Exploits: 0 · References: 1

OSV
added 2023/06/06 7:15 p.m. · 4 views

DEBIAN-CVE-2023-32683

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the url_preview_url_blacklist setting, potentially allowing server-side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

5.4 CVSS · 6.7 AI score · 0.00605 EPSS
Exploits: 0 · References: 1

NVD
added 2023/06/06 7:15 p.m. · 9 views

CVE-2023-32683

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the url_preview_url_blacklist setting, potentially allowing server-side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

5.4 CVSS · 4.5 AI score · 0.00605 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2023/06/06 12:0 a.m. · 5 views

PT-2023-23958 · Synapse +2 · Synapse +2

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.85.0
Description: A discovered oEmbed or image URL can bypass the url preview url blacklist setting, potentially allowing server-side request forgery or bypassing network policies. The impact is limited to IP...

8.2 CVSS · 5.8 AI score · 0.01463 EPSS
Exploits: 0 · References: 36

SUSE CVE
added 2023/02/15 3:46 a.m. · 2 views

SUSE CVE-2021-21273

Synapse is a Matrix reference homeserver written in Python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...

6.1 CVSS · 6.1 AI score · 0.01809 EPSS
Exploits: 0 · References: 3

CNNVD
added 2022/12/27 12:0 a.m. · 2 views

Dahua software products authorization issue vulnerability

Dahua software products are a family of applications from Dahua Corporation of China. A security vulnerability exists in a number of Dahua software products, which can be exploited by an unauthenticated attacker to search for devices within an IP range using a remote DSS server by sending special...

5.3 CVSS · 5.9 AI score · 0.00699 EPSS
Exploits: 0 · References: 2

Mageia
added 2022/10/13 8:5 p.m. · 47 views

Updated mediawiki packages fix security vulnerability

HTMLUserTextField exposes existence of hidden users (CVE-2022-41765). reassignEdits doesn't update results in an IP range check on Special:Contributions (CVE-2022-41767)...

5.3 CVSS · 1.8 AI score · 0.00641 EPSS
Exploits: 0 · References: 2

OSV
added 2022/10/13 8:5 p.m. · 6 views

MGASA-2022-0370 Updated mediawiki packages fix security vulnerability

HTMLUserTextField exposes existence of hidden users (CVE-2022-41765). reassignEdits doesn't update results in an IP range check on Special:Contributions (CVE-2022-41767)...

5.3 CVSS · 5.6 AI score · 0.00641 EPSS
Exploits: 0 · References: 3

Veracode
added 2022/10/10 12:54 p.m. · 33 views

Denial Of Service (DoS)

mediawiki is vulnerable to denial of service. The vulnerability exists in reassignEdits function where it does not update the results in an IP range check...

5.3 CVSS · 5.6 AI score · 0.00641 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

FreeBSD
added 2022/09/29 12:0 a.m. · 39 views

mediawiki -- multiple vulnerabilities

Mediawiki reports: T316304, CVE-2022-41767 SECURITY: reassignEdits doesn't update results in an IP range check on Special:Contributions. T309894, CVE-2022-41765 SECURITY: HTMLUserTextField exposes existence of hidden users. T307278, CVE-2022-41766 SECURITY: On action=rollback the message...

5.3 CVSS · 1.4 AI score · 0.00641 EPSS
Exploits: 1 · References: 1

Arista
added 2022/07/19 12:0 a.m. · 44 views

Security Advisory 0078

Security Advisory 0078
Date: July 19th, 2022

Revision | Date | Changes
---|---|---
1.0 | July 19th 2022 | Initial release

The CVE-ID tracking this issue: CVE-2021-28511
CVSSv3.1 Base Score: 5.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N)
Common Weakness Enumeration CWE: CWE-284 Improp...

6.5 CVSS · 6.4 AI score · 0.00493 EPSS
Exploits: 1 · Affected Software: 1

Positive Technologies
added 2022/07/12 12:0 a.m. · 3 views

PT-2022-7087 · Unknown · Qubes-Mirage-Firewall

Name of the Vulnerable Software and Affected Versions: qubes-mirage-firewall versions 0.8.x through 0.8.3
Description: The issue is related to a denial of service caused by a crafted multicast UDP packet. This can lead to CPU consumption and loss of forwarding. The vulnerability can be exploited ...

7.8 CVSS · 7.1 AI score · 0.21478 EPSS
Exploits: 6 · References: 13

OSV
added 2022/07/08 11:42 a.m. · 1 views

UBUNTU-CVE-2022-24810

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong...

8.8 CVSS · 6.9 AI score · 0.01146 EPSS
Exploits: 0 · References: 5

Github Security Blog
added 2022/05/24 4:49 p.m. · 15 views

MediaWiki Incorrect Access Control vulnerability

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

7.5 CVSS · 6.7 AI score · 0.01362 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2022/05/24 4:49 p.m. · 3 views

GHSA-7MQG-5FGH-XH4R MediaWiki Incorrect Access Control vulnerability

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

7.5 CVSS · 6.3 AI score · 0.01362 EPSS
Exploits: 0 · References: 5

Kitploit
added 2021/11/23 11:30 a.m. · 18 views

UDP-Hunter - Network Assessment Tool For Various UDP Services Covering Both IPv4 And IPv6 Protocols

UDP Scanning has always been a slow and painful exercise, and if you add IPv6 on top of UDP, the tool choices get pretty limited. UDP Hunter is a python based open source network assessment tool focused on UDP Service Scanning. With UDP Hunter, we have focused on providing auditing of widely know...

7.5 AI score
Exploits: 0 · References: 4

OSV
added 2021/04/13 3:15 p.m. · 15 views

GHSA-6Q4W-3WP4-Q5WF Denial of Service in get-ip-range

The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input. An attacker could send a large range such as 128.0.0.0/1 that causes resource exhaustion. Update get-ip-range dependency to 4.0.0 or above...

7.5 CVSS · 7.3 AI score · 0.02031 EPSS
Exploits: 1 · References: 5

vulnersOsv
added 2021/04/13 3:15 p.m. · 0 views

@ajesus37/node-portcheck (=1.0.0), @hzabala/tplinkcloud-api-client (=1.0.0) +60 more potentially affected by CVE-2021-27191 via get-ip-range (=2.1.1)

get-ip-range NPM version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on get-ip-range and may be impacted:
- @ajesus37/node-portcheck =1.0.0
- @hzabala/tplinkcloud-api-client =1.0.0
- @julusian/tp-link-tapo-connect =2.1.0-0
- ...

7.5 CVSS · 7.2 AI score · 0.02031 EPSS
Exploits: 1