
7696 matches found

FreeBSD
added 2023/02/07 12:00 a.m. · 34 views

py-cryptography -- allows programmers to misuse an API

alex reports: Previously, Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to be mutated, thus violating fundamental rules of Python. This is a soundness bug -- it allows...

CVSS 6.5 · AI score 6.8 · EPSS 0.00688
Exploits 1 · References 1
OSV
added 2023/02/03 7:15 p.m. · 1 views

CVE-2023-23477

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513...

CVSS 9.8 · AI score 7.7
Exploits 0 · References 2
NVD
added 2023/02/03 7:15 p.m. · 8 views

CVE-2023-23477

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513...

CVSS 9.8 · AI score 9 · EPSS 0.00176
Exploits 0 · References 2
Cvelist
added 2023/02/03 5:24 p.m. · 17 views

CVE-2023-23477 IBM WebSphere Application Server code execution

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513...

CVSS 8.1 · AI score 9.4 · EPSS 0.00176
Exploits 0 · References 2
CNNVD
added 2023/02/01 12:00 a.m. · 2 views

IBM WebSphere Application Server code injection vulnerability

IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for Java EE and Web services applications and is the foundation of the IBM WebSphere software platform. A code injection vulnerability exists in IBM WebSphere...

CVSS 9.8 · AI score 7.9 · EPSS 0.00176
Exploits 0 · References 5
OSV
added 2023/01/25 7:36 p.m. · 36 views

GHSA-CQ4P-VP5Q-4522 Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects

Impact: This issue affects Rancher versions from 2.5.0 up to and including 2.5.16, from 2.6.0 up to and including 2.6.9, and 2.7.0. It was discovered that the security advisory CVE-2021-36782 (GHSA-g7j7-h4q8-8w2f), previously released by Rancher, missed addressing some sensitive fields, secret tokens...

CVSS 8.8 · AI score 9.2 · EPSS 0.00225
Exploits 1 · References 4
Positive Technologies
added 2023/01/25 12:00 a.m. · 2 views

PT-2023-1495 · Suse · Suse Rancher

Name of the Vulnerable Software and Affected Versions: SUSE Rancher versions prior to 2.5.17; SUSE Rancher versions prior to 2.6.10; SUSE Rancher versions prior to 2.7.1. Description: A Cleartext Storage of Sensitive Information issue in SUSE Rancher allows users on managed clusters to gain access t...

CVSS 9.9 · AI score 9.5 · EPSS 0.00225
Exploits 1 · References 12
BDU FSTEC
added 2023/01/23 12:00 a.m. · 1 views

The vulnerability in the IBM Sterling Partner Engagement Manager software stems from improper restriction of XML external entity references, which allows an attacker to disclose protected information.

The vulnerability in the IBM Sterling Partner Engagement Manager software relates to improper restriction of XML external entity references. Exploiting this vulnerability could allow a remote attacker to disclose sensitive information...

CVSS 7.1 · AI score 7 · EPSS 0.00418
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/01/20 4:55 p.m. · 23 views

GHSA-6VF6-G3PR-J83H pimcore is vulnerable to cross-site scripting via "title field" in data objects

Impact: The vulnerability is capable of resulting in stolen user cookies. Proof of Concept: Login with dev account https://11.x-dev.pimcore.fun/admin/?dc=1670962076&perspective= Go to setting -- data objects -- classes -- events Click media under general settings Add payload in title field. Go to...

CVSS 5.4 · AI score 5.5 · EPSS 0.00005
Exploits 1 · References 6
Github Security Blog
added 2023/01/20 4:55 p.m. · 22 views

pimcore is vulnerable to cross-site scripting via "title field" in data objects

Impact: The vulnerability is capable of resulting in stolen user cookies. Proof of Concept: Login with dev account https://11.x-dev.pimcore.fun/admin/?dc=1670962076&perspective= Go to setting -- data objects -- classes -- events Click media under general settings Add payload in title field. Go to...

CVSS 6.1 · AI score 5.5 · EPSS 0.00005
Exploits 1 · References 6 · Affected Software 1
Positive Technologies
added 2023/01/20 12:00 a.m. · 2 views

PT-2023-2887 · Foxit · Foxit Pdf Reader +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader, affected versions not specified; Foxit PDF Editor, affected versions not specified. Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...

CVSS 7.8 · AI score 8.1 · EPSS 0.01711
Exploits 0 · References 7
Zero Day Initiative
added 2023/01/20 12:00 a.m. · 26 views

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 7.8 · AI score 2.3 · EPSS 0.01527
Exploits 0 · References 1
NVD
added 2023/01/18 10:15 p.m. · 11 views

CVE-2022-45927

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code...

CVSS 8.8 · AI score 9.1 · EPSS 0.01244
Exploits 2 · References 3
Tenable Nessus
added 2023/01/18 12:00 a.m. · 24 views

Foxit PDF Reader < 12.1 Vulnerability

According to its version, the Foxit PDF Reader application (previously named Foxit Reader) installed on the remote Windows host is prior to 12.1. It is, therefore, affected by the following vulnerability: - This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF...

CVSS 7.8 · AI score 7.5 · EPSS 0.01527
Exploits 0 · References 2
Zero Day Initiative
added 2023/01/18 12:00 a.m. · 26 views

Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS 7.8 · AI score 7.7 · EPSS 0.00122
Exploits 0 · References 1
Cvelist
added 2023/01/18 12:00 a.m. · 25 views

CVE-2022-45927

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code...

AI score 9.3 · EPSS 0.01244
Exploits 2 · References 3
Tenable Nessus
added 2023/01/18 12:00 a.m. · 28 views

Foxit PDF Editor < 11.2.6 and < 12.1.2 Vulnerability

According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 11.2.6 or 12.1.2 and is therefore vulnerable: - This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF...

CVSS 7.8 · AI score 7.7 · EPSS 0.01527
Exploits 0 · References 2
OSV
added 2023/01/17 6:15 p.m. · 16 views

CVE-2018-14628

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store...

CVSS 4.3 · AI score 4.1
Exploits 0 · References 6
OSV
added 2023/01/17 6:15 p.m. · 2 views

ALPINE-CVE-2018-14628

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store...

CVSS 4.3 · AI score 6.5 · EPSS 0.00504
Exploits 1 · References 1
OSV
added 2023/01/17 6:15 p.m. · 1 views

DEBIAN-CVE-2018-14628

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store...

CVSS 4.3 · AI score 6.1 · EPSS 0.00504
Exploits 1 · References 1