487 matches found

Vulnrichment
added 2024/04/09 4:10 p.m. · 16 views

CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and expose XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue...

5.8 AI score · 0.01512 EPSS
Exploits: 0 · References: 2

CNNVD
added 2024/02/29 12:00 a.m. · 2 views

RWS WorldServer Security Vulnerability

RWS WorldServer is a flexible, enterprise-class translation management system from RWS UK. A security vulnerability exists in RWS WorldServer versions prior to 11.7.3, which stems from the fact that a normal user can create a user with the role of administrator via UserWSUserManager...

9.8 CVSS · 6.6 AI score · 0.00208 EPSS
Exploits: 1 · References: 3

NVD
added 2024/02/21 4:15 p.m. · 7 views

CVE-2023-49100

Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing...

4.4 CVSS · 6.4 AI score · 0.00016 EPSS
Exploits: 0 · References: 3

Citrix
added 2023/12/21 12:00 a.m. · 5 views

Difference between normalvalue and thresholdvalue under SNMP configuration

This article explains the difference between thresholdValue and normalValue under SNMP configuration...

7.1 AI score
Exploits: 0

OSV
added 2023/12/01 11:06 a.m. · 3 views

OESA-2023-1883 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

4.3 CVSS · 7.1 AI score · 0.00053 EPSS
Exploits: 0 · References: 7

SUSE CVE
added 2023/11/21 2:19 a.m. · 1 view

SUSE CVE-2023-48234

Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit 58f9befca1 which has...

2.8 CVSS · 7.2 AI score · 0.00039 EPSS
Exploits: 0 · References: 6

OSV
added 2023/11/16 11:15 p.m. · 3 views

AZL-32027 CVE-2023-48234 affecting package vim for versions less than 9.0.2112-1

Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit 58f9befca1 which has...

4.3 CVSS · 7.1 AI score · 0.00039 EPSS
Exploits: 0 · References: 1

Cvelist
added 2023/11/14 10:51 p.m. · 19 views

CVE-2023-45618

There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files on the underlying operating system, which could lead to the...

8.2 CVSS · 9.2 AI score · 0.0053 EPSS
Exploits: 0 · References: 1

RedHat Linux
added 2023/11/07 8:36 a.m. · 3 views

glib: GVariant deserialisation does not match spec for non-normal data

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service...

5.5 CVSS · 7.2 AI score · 0.00055 EPSS
Exploits: 0 · References: 5

NVD
added 2023/10/13 1:15 p.m. · 6 views

CVE-2023-45130

Frontier is Substrate's Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses storage::remove_prefix (now renamed to storage::clear_prefix) to remove all storage...

7.5 CVSS · 7.5 AI score · 0.00253 EPSS
Exploits: 0 · References: 3

GithubExploit
added 2023/10/10 9:40 p.m. · 339 views

Exploit for Improper Input Validation in Atlassian Confluence_Data_Center

CVE-2023-22515 Exploit Script 🔐 This script is designed to ex...

10 CVSS · 9.9 AI score · 0.94326 EPSS
Exploits: 39

Veracode
added 2023/09/11 6:01 a.m. · 24 views

Denial Of Service

Salt masters are vulnerable to Denial Of Service. The vulnerability is due to the master becoming unresponsive to return requests after receiving several bad packets on the request server, equal to the number of worker threads. This allows an attacker to disrupt the Salt master's normal operation...

5.3 CVSS · 6.7 AI score · 0.00175 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

OpenVAS
added 2023/08/08 12:00 a.m. · 22 views

Huawei EulerOS: Security Advisory for glib2 (EulerOS-SA-2023-2582)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.8 CVSS · 8.8 AI score · 0.00165 EPSS
Exploits: 0 · References: 2

CNVD
added 2023/08/03 12:00 a.m. · 10 views

ASUS RT-AX88U Cross-Site Scripting Vulnerability (CNVD-2023-63441)

The ASUS RT-AX88U is a wireless router from Asus China. The ASUS RT-AX88U suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the Custom User Icons feature, which can be exploited by an attacker to perform a store...

8.2 CVSS · 5.7 AI score · 0.0005 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2023/07/17 12:00 a.m. · 3 views

PT-2023-4035 · Asus · Asus Rt-Ac86U +1

Name of the Vulnerable Software and Affected Versions: ASUS RT-AX56U V2 version 3.0.0.4.386 50460; ASUS RT-AC86U version 3.0.0.4 386 51529. Description: A format string vulnerability is identified in the ASUS RT-AX56U V2 and RT-AC86U routers. This issue is caused by directly using input as a format...

10 CVSS · 9.4 AI score · 0.75886 EPSS
Exploits: 1 · References: 12

Packet Storm
added 2023/07/11 12:00 a.m. · 248 views

Qatanna POS Software 1.0 Blind SQL Injection

Exploit Title: Qatanna POS Software 1.0 - Blind SQL Injection Exploit Date: May 07, 2023. CVSS 3.1: 8.8 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Application Name: Qatanna POS Software Application Version: 1.0 Link: https://www.codester.com/items/42053/qatanna-pos-software...

7.1 AI score
Exploits: 0

SUSE CVE
added 2023/06/27 1:25 a.m. · 2 views

SUSE CVE-2023-3397

A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information...

7 CVSS · 6.2 AI score · 0.00009 EPSS
Exploits: 0 · References: 4

CNNVD
added 2023/06/15 12:00 a.m. · 2 views

glib2 Code Issue Vulnerability

glib2 is a general-purpose, portable utility library for the GNOME project. It provides many useful data types, macros, type conversions, string utilities, file utilities, main loop abstractions, and more. A security vulnerability exists in glib2, which stems from a mismatch between the...

5.5 CVSS · 6.8 AI score · 0.00055 EPSS
Exploits: 0 · References: 8

OSV
added 2023/06/14 1:26 p.m. · 1 view

USN-6165-1 glib2.0 vulnerabilities

It was discovered that GLib incorrectly handled non-normal GVariants. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or perform other unknown attacks...

7.8 CVSS · 6.7 AI score · 0.00165 EPSS
Exploits: 0 · References: 8

CNVD
added 2023/06/07 12:00 a.m. · 27 views

ASUS RT-AC86U OS Command Injection Vulnerability

The ASUS RT-AC86U is a dual-band Wi-Fi router from the Chinese company ASUS. The ASUS RT-AC86U suffers from an operating system command injection vulnerability that originates from not filtering the special characters of parameters in specific URLs, which can be exploited by a remote attacker wit...

8.8 CVSS · 8 AI score · 0.00356 EPSS
Exploits: 0 · References: 1