EPSON ESC/POS 访问控制错误漏洞

EPSON ESC/POS is a protocol used by the Japanese company EPSON for controlling POS printers. EPSON ESC/POS has a vulnerability related to access control. This vulnerability stems from the lack of user authentication and command authorization mechanisms, no control over network communication sourc...

CVE-2024-57875

creationtimestamp| type| source ---|---|--- 2025-01-11 15:04:37+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/1320 2025-01-11 15:15:40+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfhyrmjx4z22 2025-01-11 15:39:28+00:00| seen|...

CVE-2024-32979

Nautobot (a Django-based network automation platform) is affected by a Reflected Cross-Site Scripting (XSS) vulnerability due to improper handling and escaping of user-supplied query parameters. All filterable object-list views are susceptible to injecting malicious scripts via crafted URLs, pote...

CVE-2024-29199

CVE-2024-29199 affects Nautobot, where multiple URL endpoints were accessible to unauthenticated users due to default EXEMPT_VIEW_PERMISSIONS behavior. The root cause is improper access control exposing data unless permissions are explicitly granted. The vulnerability is mitigated by fixes in Nau...

Cross site scripting

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that suppo...

PYSEC-2024-16

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that suppo...

CVE-2024-23345

Nautobot (Network Source of Truth and Network Automation Platform) versions prior to 1.6.10 and 2.1.2 are vulnerable to cross-site scripting (XSS) in any user-editable field that supports Markdown rendering due to inadequate input sanitization. The issue affects Markdown-enabled fields across the...

CVE-2023-51649

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked i.e., does the user have...

CVE-2023-51649

CVE-2023-51649 affects Nautobot, a Django-based network automation platform. The issue: when submitting a Job via a Job Button, only the model-level extras.run_job permission is enforced; object-level permissions (permission to run a specific Job) are not checked by the relevant URL/view. Result:...

CVE-2023-50263

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs /files/get/?name=... and /files/download/?name=... are used to provid...

Cross site scripting

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's marksafe API when rendering certain type...

CVE-2023-48705

Nautobot CVE-2023-48705 affects all Nautobot versions before 1.6.6 and before 2.0.5. Root cause: incorrect usage of Django’s mark_safe() when rendering certain user-authored content (e.g., custom links, job buttons, computed fields). Impact: attackers with permission to create or edit such conten...

CVE-2023-25657 Remote code execution in Jinja2 template rendering in Nautobot

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In Nautobot 1.5.7 has enabled sandboxed environments for the...

CVE-2023-25657

Summary: CVE-2023-25657 affects Nautobot before 1.5.7, where the Jinja2 template engine was not sandboxed, potentially enabling remote code execution. In Nautobot 1.5.7 and later, sandboxed environments are enabled for Jinja2 rendering for objects such as extras.ComputedField, extras.CustomLink, ...

SUSE SLED11 / SLES11 Security Update : Xen (SUSE-SU-2015:0747-1)

The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed : CVE-2015-2756: XSA-126: Unmediated PCI command register access in qemu could have lead to denial of service attacks against the host, if PCI cards are passed through...

CVE-2013-4185

Algorithmic complexity vulnerability in OpenStack Compute Nova before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service nova-network consumption via a large number of...

Design/Logic Flaw

Algorithmic complexity vulnerability in OpenStack Compute Nova before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service nova-network consumption via a large number of...

CVE-2013-4185

Algorithmic complexity vulnerability in OpenStack Compute Nova before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service nova-network consumption via a large number of...

CVE-2013-4185

Algorithmic complexity vulnerability in OpenStack Compute Nova before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service nova-network consumption via a large number of...