
7696 matches found

Veracode
added 2023/05/10 6:41 a.m. · 16 views

Missing Authorization

silverstripe/framework is vulnerable to Missing Authorization. The vulnerability exists due to missing authorization checks on the GridFieldPrintButton.php data objects, which allows an attacker to gain sensitive information...

CVSS 4.3 · AI score 5.2 · EPSS 0.00054
Exploits: 0 · References: 4 · Affected software: 1
RedHat Linux
added 2023/05/09 10:10 a.m. · 2 views

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. The cause of the issue is a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

CVSS 7.5 · AI score 6.7 · EPSS 0.00474
Exploits: 1 · References: 5
RedHat Linux
added 2023/05/09 10:04 a.m. · 0 views

kernel: drm/i915/ttm: don't leak the ccs state

In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: don't leak the ccs state. The kernel only manages the ccs state with lmem-only objects; however, the kernel should still take care not to leak the CCS state from the previous user. cherry picked from commit...

CVSS 5.5 · AI score 6.3 · EPSS 0.00074
Exploits: 0 · References: 5
CNNVD
added 2023/05/09 12:00 a.m. · 3 views

SAP BusinessObjects Platform security vulnerability

SAP BusinessObjects Platform is a centralized suite for data reporting, visualization and sharing from SAP, Germany. A security vulnerability exists in SAP BusinessObjects Platform, which can be exploited by remote attackers to submit a special request that can be sniffed to obtain sensitive...

CVSS 5.9 · AI score 6.6 · EPSS 0.00762
Exploits: 0 · References: 4
OpenVAS
added 2023/05/09 12:00 a.m. · 13 views

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2023-1827)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 · AI score 7.1 · EPSS 0.00688
Exploits: 1 · References: 2
OpenVAS
added 2023/05/09 12:00 a.m. · 14 views

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2023-1809)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 · AI score 7.1 · EPSS 0.00688
Exploits: 1 · References: 2
NVD
added 2023/05/03 3:15 p.m. · 18 views

CVE-2023-28656

NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.1 · AI score 8.2 · EPSS 0.00316
Exploits: 0 · References: 2
OSV
added 2023/05/03 3:15 p.m. · 3 views

CVE-2023-28656

NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.1 · AI score 7.3 · EPSS 0.00316
Exploits: 0 · References: 2
Cvelist
added 2023/05/03 2:34 p.m. · 24 views

CVE-2023-28656 NGINX Management Suite vulnerability

NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.1 · AI score 8.4 · EPSS 0.00316
Exploits: 0 · References: 2
RedHat Linux
added 2023/05/03 2:05 p.m. · 3 views

json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...

CVSS 7.5 · AI score 6.9 · EPSS 0.00016
Exploits: 1 · References: 6
F5 Networks
added 2023/05/03 12:39 p.m. · 23 views

K000132719: BIG-IQ iControl REST vulnerability CVE-2023-29240

Security Advisory Description: An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ system can upload arbitrary files using an undisclosed iControl REST endpoint. (CVE-2023-29240) Impact: This vulnerability may allow an authenticated attacker with network access to iControl REST to...

CVSS 5.4 · AI score 5.6 · EPSS 0.0058
Exploits: 0 · Affected software: 1
F5 Networks
added 2023/05/03 12:32 p.m. · 32 views

K000133417: NGINX Management Suite vulnerability CVE-2023-28656

Security Advisory Description: NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. (CVE-2023-28656) Impact: This vulnerability may allow an authenticated attacker to bypass the authorization policy and read or modif...

CVSS 8.1 · AI score 8.6 · EPSS 0.00316
Exploits: 0 · Affected software: 3
Zero Day Initiative
added 2023/05/01 12:00 a.m. · 24 views

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of D...

CVSS 7.8 · AI score 6.9 · EPSS 0.01711
Exploits: 0 · References: 1
Huntr
added 2023/04/27 10:35 a.m. · 19 views

XSS in choose time value Classes Data Objects

Description: XSS in choose time value Classes Data Object. Proof of Concept: Login in URL : https://demo.pimcore.fun/admin Go to Settings - Data Objects - Classes - News NE - Dates & Images in tab Dates & Images, inject payload to value time at Specific Settings // PoC payload : " video PoC:...

CVSS 4.9 · AI score 6.9 · EPSS 0.00003
Exploits: 1
Metasploit
added 2023/04/18 7:43 p.m. · 284 views

VMware Workspace ONE Access VMSA-2022-0011 exploit chain

This module combines two vulnerabilities in order to achieve remote code execution in the context of the horizon user. The first vulnerability, CVE-2022-22956, is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the authentication...

CVSS 9.8 · AI score 9.4 · EPSS 0.84916
Exploits: 5
0day.today
added 2023/04/18 12:00 a.m. · 401 views

VMware Workspace ONE Remote Code Execution Exploit

This Metasploit module combines two vulnerabilities in order to achieve remote code execution in the context of the horizon user. The first vulnerability, CVE-2022-22956, is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the...

CVSS 9.8 · AI score 9.5 · EPSS 0.84916
Exploits: 11
CNNVD
added 2023/04/18 12:00 a.m. · 3 views

XWiki Platform security vulnerability

XWiki Platform is a suite of wiki platforms for creating web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform, which stems from the ability to corrupt many translations from wiki pages by creating corrupted documents containing translated...

CVSS 6.5 · AI score 6.4 · EPSS 0.00265
Exploits: 1 · References: 4
OSV
added 2023/04/14 11:05 a.m. · 3 views

OESA-2023-1225 json-smart security update

Json-smart is a performance-focused JSON processor lib. Security Fixes: Json-smart is a performance-focused JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to th...

CVSS 7.5 · AI score 8.1 · EPSS 0.00016
Exploits: 1 · References: 2
Positive Technologies
added 2023/04/14 12:00 a.m. · 3 views

PT-2023-2758 · Nginx · Nginx Instance Manager +3

Name of the Vulnerable Software and Affected Versions: NGINX Management Suite (affected versions not specified); NGINX Instance Manager (affected versions not specified); NGINX API Connectivity Manager (affected versions not specified); NGINX Security Monitoring (affected versions not specified). Description...

CVSS 8.5 · AI score 8.4 · EPSS 0.00316
Exploits: 0 · References: 8
Positive Technologies
added 2023/04/13 12:00 a.m. · 3 views

PT-2023-4657 · Pdf Xchange · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this, where the target must...

CVSS 7.8 · AI score 7.2 · EPSS 0.00646
Exploits: 0 · References: 6