7696 matches found

OpenVAS
added 2023/09/11 12:0 a.m. · 6 views

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2023-2771)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.5 · AI score 7.1 · EPSS 0.00688
Exploits 1 · References 2

Positive Technologies
added 2023/09/08 12:0 a.m. · 3 views

PT-2023-28249 · Unknown · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...

CVSS 5.5 · AI score 7 · EPSS 0.00784
Exploits 0 · References 4

Zero Day Initiative
added 2023/09/08 12:0 a.m. · 19 views

PDF-XChange Editor App Object Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 7.8 · AI score 6.7 · EPSS 0.0176
Exploits 0 · References 1

Tenable Nessus
added 2023/09/07 12:0 a.m. · 19 views

Oracle Linux 8 : sssd (ELSA-2019-3651)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3651 advisory. 2.2.0-19 - Resolves: rhbz1712875 - Old kerberos credentials active instead of valid new ones kcm 2.2.0-18 - Resolves: rhbz1744134 - New defect found in...

CVSS 5.5 · AI score 6.2 · EPSS 0.01085
Exploits 0 · References 2

Positive Technologies
added 2023/09/06 12:0 a.m. · 7 views

PT-2023-22196 · Electron · Electron

Name of the Vulnerable Software and Affected Versions: Electron versions prior to 22.3.6; Electron versions prior to 23.2.3; Electron versions prior to 24.0.1; Electron versions prior to 25.0.0-alpha.2. Description: Electron is a framework for writing cross-platform desktop applications using...

CVSS 8.5 · AI score 8.3 · EPSS 0.00162
Exploits 0 · References 8

CNNVD
added 2023/09/06 12:0 a.m. · 4 views

Zope AccessControl Information Disclosure Vulnerability

Zope AccessControl is a generic security framework used in Zope from the Zope Foundation. An information disclosure vulnerability exists in Zope AccessControl that stems from allowing a person controlling a format string to read accessible recursive objects via attribute access and subscription o...

CVSS 7.7 · AI score 6.1 · EPSS 0.00323
Exploits 0 · References 3

Veracode
added 2023/09/04 9:3 a.m. · 15 views

Authorization Bypass

github.com/openfga/openfga is vulnerable to Authorization Bypass. The vulnerability exists because the number of objects returned with the ListObjects API are non-deterministic which allows an attacker to access unauthorized objects if the model contains expressions of type rel1 from type1...

CVSS 6.5 · AI score 6.8 · EPSS 0.00072
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2023/09/04 12:0 a.m. · 1 views

The vulnerability of PDF-XChange Editor’s document viewing and editing software lies in the handling of an unreliable pointer, allowing attackers to execute arbitrary code.

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the handling of App objects using an untrusted pointer. Exploiting this vulnerability can allow attackers to execute arbitrary code...

CVSS 7.8 · AI score 7.5 · EPSS 0.00646
Exploits 0 · References 4 · Affected Software 1

OSSF Malicious Packages
added 2023/08/31 1:49 a.m. · 3 views

Malicious code in @manomano-internal/mf-seller-xp-commons-objects (npm)

Source: ghsa-malware bd96bb1666c4060364596cc3a673428b5f242af6b6a80c2decf413bb23424261. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1

Positive Technologies
added 2023/08/25 12:0 a.m. · 5 views

PT-2023-27517 · Openfga · Openfga

Name of the Vulnerable Software and Affected Versions: OpenFGA versions 1.3.0 and earlier. Description: The issue affects OpenFGA, an authorization/permission engine, where some end users of versions 1.3.0 or earlier are vulnerable to authorization bypass when calling the "ListObjects" API endpoin...

CVSS 6.5 · AI score 7 · EPSS 0.00072
Exploits 0 · References 8

Positive Technologies
added 2023/08/24 12:0 a.m. · 3 views

PT-2023-27471 · Maxon · Maxon Cinema 4D

Name of the Vulnerable Software and Affected Versions: Maxon Cinema 4D (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this issue, where the target must...

CVSS 7.8 · AI score 7.2 · EPSS 0.00302
Exploits 0 · References 4

OSV
added 2023/08/23 4:54 p.m. · 4 views

DRUPAL-CONTRIB-2023-037

This module enables you to build administrative pages for managing configuration objects, which may then be used elsewhere in the site. The module doesn't sufficiently validate access when the JSONAPI module is also installed. This vulnerability is mitigated by the fact that it only affects sites...

AI score 6.8
Exploits 0 · References 1

Packet Storm
added 2023/08/23 12:0 a.m. · 474 views

SugarCRM 12.2.0 PHP Object Injection

SugarCRM = 12.2.0 DocusignGlobalSettings PHP Object Injection Vulnerability - Software Link: https://www.sugarcrm.com - Affected Versions...

CVSS 7.2 · AI score 7.1 · EPSS 0.00337
Exploits 2

Drupal
added 2023/08/23 12:0 a.m. · 12 views

Config Pages - Moderately critical - Information Disclosure - SA-CONTRIB-2023-037

This module enables you to build administrative pages for managing configuration objects, which may then be used elsewhere in the site. The module doesn't sufficiently validate access when the JSONAPI module is also installed. This vulnerability is mitigated by the fact that it only affects sites...

AI score 6.8
Exploits 0 · References 6

CNNVD
added 2023/08/21 12:0 a.m. · 4 views

Pimcore Cross-Site Scripting Vulnerability

Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates applications for Web content management, e-commerce frameworks and product information management. A cross-site scripting vulnerability exist...

CVSS 6.4 · AI score 5.7 · EPSS 0.00003
Exploits 1 · References 3

Zero Day Initiative
added 2023/08/17 12:0 a.m. · 19 views

PDF-XChange Editor App Untrusted Pointer Dereference Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 7.8 · AI score 6.8 · EPSS 0.00646
Exploits 0 · References 1

Positive Technologies
added 2023/08/17 12:0 a.m. · 5 views

PT-2023-26973 · Tracker Software Products · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...

CVSS 5.5 · AI score 7 · EPSS 0.00279
Exploits 0 · References 3

Positive Technologies
added 2023/08/17 12:0 a.m. · 3 views

PT-2023-27464 · Unknown · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...

CVSS 5.5 · AI score 7 · EPSS 0.00182
Exploits 0 · References 3

Github Security Blog
added 2023/08/16 6:30 a.m. · 12 views

Duplicate Advisory: @excalidraw/excalidraw Cross-site Scripting vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-v7v8-gjv7-ffmr. This link is maintained to preserve external references. Original Description: Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XSS) via embedded lin...

CVSS 6.1 · AI score 6.1 · EPSS 0.00193
Exploits 0 · References 5 · Affected Software 1

Vulnrichment
added 2023/08/16 5:0 a.m. · 9 views

CVE-2023-26140

Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization...

CVSS 6.1 · AI score 6.1 · EPSS 0.00193
Exploits 0 · References 3