CVE-2023-50327
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109...
CVE-2023-50327 IBM PowerSC weak security
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109...
IBM PowerSC Security Vulnerability
IBM PowerSC is a security and compliance solution from International Business Machines (IBM) for IBM Power Systems servers. IBM PowerSC suffers from an interpretation conflict vulnerability that stems from not using a secure HTTP method, which could be exploited by an attacker to perform unauthorized...
PT-2024-13904 · Ibm · Ibm Powersc
Name of the Vulnerable Software and Affected Versions: IBM PowerSC versions 1.3 through 2.1. Description: The issue is related to the use of insecure HTTP methods, which could allow a remote attacker to perform unauthorized file request modification. Recommendations: For versions 1.3 through 2.1,...
PT-2024-14824 · Quarkus · Quarkus
Name of the Vulnerable Software and Affected Versions: Quarkus versions prior to 3.6.9; Quarkus versions prior to 3.7.1; Quarkus versions prior to 3.8.x. Description: A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Jav...
CVE-2024-23903
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2024-0200
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...
Design/Logic Flaw
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...
CVE-2024-0200 Unsafe Reflection in GitHub Enterprise Server leading to Command Injection
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...
GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up one's GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server, which stems from the presence of ...
PT-2024-19402 · Avo · Avo
Name of the Vulnerable Software and Affected Versions: Avo versions prior to 2.47.0; Avo versions prior to 3.3.0. Description: Avo is a framework to create admin panels for Ruby on Rails apps. In Avo, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be...
EulerOS Virtualization 2.11.1 : python3 (EulerOS-SA-2023-2739)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assist...
Cross site scripting
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...
CVE-2024-22199 Django Template Engine Vulnerable to XSS
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...
PrestaShop SQL Injection Vulnerability (CNVD-2024-02171)
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. PrestaShop suffers from a SQL injection vulnerability that stems from the application...
The vulnerability of the Spreadsheet::ParseExcel library in email security gateways of the Barracuda Email Security Gateway Appliance, related to the use of dangerous methods or functions, allows attackers to execute arbitrary code.
The vulnerability of the Spreadsheet::ParseExcel library, a microprogramming solution for email security gateways like Barracuda Email Security Gateway Appliance, is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow an attacker to execute arbitrary co...
The vulnerability of the MacMonitorConsole class in the software for controlling power sources of Voltronic Power ViewPower allows a hacker to execute arbitrary code.
The vulnerability of the MacMonitorConsole software class for controlling Voltronic Power ViewPower power sources is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code through a specially created request...
The vulnerability of the UpsScheduler class in the software for managing power sources of Voltronic Power ViewPower allows a perpetrator to execute arbitrary code.
The vulnerability of the UpsScheduler class in the software for managing power sources of Voltronic Power ViewPower is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code through a specially created request...
CVE-2023-50711
vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapper::deserialize implementation provided by the crate for vmm_sys_util::fam::FamStructWrapper can lea...
PT-2023-8290 · Moxa · Oncell G3150A-Lte Series
Name of the Vulnerable Software and Affected Versions: OnCell G3150A-LTE Series firmware versions prior to v1.3. Description: The issue is related to the transmission of data in an open manner, which could allow a remote attacker to obtain sensitive information. This could be achieved through...