CVE-2023-44765
CVE-2023-44765 affects Concrete CMS 8.5.12 and below, and 9.0 through 9.2.1: an XSS flaw in the System & Settings component allows an attacker to execute arbitrary code via a crafted script placed in the Plural Handle of the Data Objects. Impact is exploitation...
CVE-2023-44761
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions 8.5.13 and below, and 9.0.0 through 9.2.1, allow a local attacker to execute arbitrary code via a crafted script submitted to the Forms of the Data objects...
GHSA-M755-GXXG-R5QH Zope management interface vulnerable to stored cross site scripting via the title property
Impact: The title property, available on most Zope objects, can be used to store script code that is executed when the affected object is viewed in the Zope Management Interface (ZMI), because the title property is displayed unquoted (not HTML-escaped) in the breadcrumbs element. All versions of Zope 4 and Zope 5 are...
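The failure mode above is a property that is trusted because it was stored, not because it was checked. The following is an added example, not Zope's code: plain dicts stand in for Zope objects (an assumption of this example), and the two renderers show the unquoted breadcrumb pattern beside the escaped one.

```python
import html

# Constructed sample: a breadcrumb trail of Zope-like objects. Plain dicts stand
# in for Zope objects (an assumption of this example); the second object's
# "title" property carries attacker-supplied markup.
CRUMBS = [
    {"id": "root", "title": "Site Root"},
    {"id": "docs", "title": 'Docs<img src=x onerror="alert(document.cookie)">'},
]


def render_breadcrumbs_unquoted(crumbs):
    """Vulnerable pattern: the stored title is interpolated verbatim into the
    breadcrumb HTML, so any markup in it becomes part of the page."""
    return " / ".join(f'<a href="/{c["id"]}">{c["title"]}</a>' for c in crumbs)


def render_breadcrumbs_escaped(crumbs):
    """Fixed pattern: every property that reaches the template is HTML-escaped,
    including the id that lands inside an attribute value (quote=True escapes
    both kinds of quotes)."""
    return " / ".join(
        f'<a href="/{html.escape(c["id"], quote=True)}">'
        f'{html.escape(c["title"], quote=True)}</a>'
        for c in crumbs
    )


def has_injected_tag(rendered, tag="<img"):
    """Check used below: does a raw tag from the title survive rendering?
    After escaping, the same text appears as '&lt;img', which browsers show
    as literal characters rather than an element."""
    return tag in rendered


if __name__ == "__main__":
    print("unquoted:", render_breadcrumbs_unquoted(CRUMBS))
    print("escaped: ", render_breadcrumbs_escaped(CRUMBS))
```

In Zope page templates the same distinction is the default escaping of `tal:content` versus the `structure` keyword, which switches escaping off; any property a ZMI user can set should never be rendered with `structure`.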
Redisson Code Issue Vulnerability
Redisson is an open-source Java in-memory data grid built on Redis. A code issue vulnerability exists in Redisson version 3.22.0: some messages received from the Redis server are deserialized client-side into Java objects without further validation, which can be...
PT-2023-7964 · Foxit · Foxit Pdf Reader +1
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader (affected versions not specified); Foxit PDF Editor (affected versions not specified). Description: The issue is a use-after-free vulnerability in the handling of Doc objects within Foxit PDF Reader and Foxit PDF Editor...
PT-2023-7970 · Foxit · Foxit Pdf Reader +1
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader (affected versions not specified); Foxit PDF Editor (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...
PT-2023-9158 · Qualcomm · Qualcomm Embedded Platform Graphics Driver
Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform graphics driver (affected versions not specified). Description: The issue is a memory corruption problem in the graphics driver when a context is destroyed while KGSL GPU AUX COMMAND TIMELINE objects are still queued...
WEM - All Organizational Units under Active Directory Objects are not listed
In some customer environments, not all OUs (Organizational Units) are listed in the WEM Administration Console under Active Directory Objects - Machines - Add OU. However, administrators can still add computer objects manually without any issue...
GHSA-8MJR-6C96-39W8 pydash Command Injection vulnerability
This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invoke_map accept dotted paths ("Deep Path Strings") to target a nested Python object, relative to the original source object. These paths can be used to target...
CVE-2023-26145
This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invoke_map accept dotted paths ("Deep Path Strings") to target a nested Python object, relative to the original source object. These paths can be used to target...
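To see why a dotted path that is resolved relative to a source object is dangerous, it helps to write the resolver out. The block below is an added example, not pydash's implementation: `resolve_path` is a permissive toy resolver that falls back to attribute lookup, `resolve_path_safe` is a data-only variant, and the `SOURCE` dict, `greet` function and `probe` helper are constructed for this illustration.

```python
def resolve_path(obj, path):
    """Permissive dotted-path resolver, a stand-in for the behaviour described
    above (this example's own code, not pydash's). Each segment is tried as a
    mapping key, then a sequence index, then an *attribute* of the current
    object. The attribute fallback is what lets a path leave the data and walk
    into Python internals."""
    current = obj
    for segment in path.split("."):
        if isinstance(current, dict) and segment in current:
            current = current[segment]
        elif isinstance(current, (list, tuple)) and segment.isdigit():
            current = current[int(segment)]
        else:
            current = getattr(current, segment)
    return current


def resolve_path_safe(obj, path):
    """Hardened resolver: data-only traversal. No attribute fallback, and any
    segment beginning with an underscore is rejected before it is looked up."""
    current = obj
    for segment in path.split("."):
        if segment.startswith("_"):
            raise ValueError(f"refusing private/dunder segment {segment!r}")
        if isinstance(current, dict):
            current = current[segment]
        elif isinstance(current, (list, tuple)):
            if not segment.isdigit():
                raise KeyError(segment)
            current = current[int(segment)]
        else:
            raise TypeError(
                f"cannot traverse into {type(current).__name__} with {segment!r}")
    return current


def probe(resolver, obj, path):
    """Run a resolver and report ('ok', value) or ('error', exception name),
    so the two resolvers can be compared on the same path."""
    try:
        return ("ok", resolver(obj, path))
    except (KeyError, IndexError, AttributeError, TypeError, ValueError) as exc:
        return ("error", type(exc).__name__)


# Constructed sample source object: a configuration dict that, like many
# application objects, holds a reference to a plain function.
def greet(name):
    return f"hello {name}"


SOURCE = {"handlers": {"greet": greet}, "users": [{"name": "alice"}]}


if __name__ == "__main__":
    for path in ("users.0.name", "handlers.greet.__globals__"):
        print(path, "-> permissive:", probe(resolve_path, SOURCE, path)[0],
              "/ safe:", probe(resolve_path_safe, SOURCE, path))
```

With the permissive resolver, `handlers.greet.__globals__` walks from the config dict into the function object and returns the module's globals; the safe variant stops at the first underscore segment and refuses to treat non-container objects as traversable at all. Whatever the exact paths pydash accepted, that is the check to demand of any path-resolving helper that is fed user input.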
Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability
Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via...
PT-2023-6468 · Avast · Avast Premium Security
Name of the Vulnerable Software and Affected Versions: Avast Premium Security (affected versions not specified). Description: The issue is insufficient access control in the isolated environment when handling namespace objects. Exploitation of this flaw can allow an attacker to escalate...
Red Hat Infinispan Security Vulnerability
Red Hat Infinispan is a distributed cache and key-value NoSQL datastore from Red Hat. It suffers from a security vulnerability that stems from failing to detect circular object references during ungrouping, which an attacker can exploit by inserting a maliciously constructed object...
[SECURITY] Fedora 39 Update: rubygem-activerecord-7.0.7.2-1.fc39
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
USN-6370-1 modsecurity-apache vulnerabilities
It was discovered that ModSecurity incorrectly handled certain nested JSON objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-42717) It was discovered that ModSecurity incorrect...
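The defence against over-nested JSON is to bound the depth before the parser builds anything. The block below is an added example written in Python, not ModSecurity's code and not its actual fix: `MAX_DEPTH` is an assumed policy value, and `make_nested` constructs the sample input.

```python
import json

MAX_DEPTH = 32  # assumed policy value for this example; choose one per deployment


def json_nesting_depth(text, limit=MAX_DEPTH):
    """Single pass over a JSON document that returns its maximum bracket depth
    and raises ValueError as soon as `limit` is exceeded, so hostile input is
    rejected without ever building the nested structure. Brackets inside
    string literals are ignored, and backslash escapes inside strings are
    honoured so a crafted \\" cannot end the string early."""
    depth = max_depth = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            continue
        if ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            if depth > limit:
                raise ValueError(f"nesting depth exceeds limit of {limit}")
            max_depth = max(max_depth, depth)
        elif ch in "]}":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced closing bracket")
    if depth != 0 or in_string:
        raise ValueError("unterminated structure")
    return max_depth


def parse_json_bounded(text, limit=MAX_DEPTH):
    """Depth-check first, then hand the text to the real parser."""
    json_nesting_depth(text, limit)
    return json.loads(text)


def within_limit(text, limit=MAX_DEPTH):
    """True if the document passes parse_json_bounded's pre-check."""
    try:
        json_nesting_depth(text, limit)
        return True
    except ValueError:
        return False


def make_nested(depth):
    """Constructed sample: `depth` levels of nested empty arrays."""
    return "[" * depth + "]" * depth


if __name__ == "__main__":
    for d in (MAX_DEPTH, MAX_DEPTH + 1):
        print(d, "levels ->", "accepted" if within_limit(make_nested(d)) else "rejected")
```

The scan is linear in the input and uses no recursion, so it is safe to run on untrusted bodies; a recursive-descent parser, by contrast, is exactly what deeply nested input is designed to exhaust.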
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including Business Objects, HANA, NetWeaver and PowerDesigner. A malicious party can exploit the vulnerabilities to execute attacks that lead to the following categories of damage: Denial-of-Service (DoS), Manipulation of data...
A vulnerability in the handling of HTML objects in an identity and access management tool allows an attacker to carry out XSS attacks.
The vulnerability in the handling of HTML objects in identity and access management tools stems from insufficient neutralisation of user-controlled input before it is placed into the structure of a web page. Exploiting it lets a malicious actor carry out XSS attacks remotely...
Input validation
NLnet Labs’ Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library, covered by CVE-2023-39914...
CVE-2023-39915
The CVE-2023-39915 entry concerns NLnet Labs’ Routinator up to and including version 0.12.1, which may crash when parsing certain malformed RPKI objects. The root cause is insufficient input checking in the bcder library (the same underlying issue as CVE-2023-39914). Impact, per the citations, is availability inte...
NLnet Labs Routinator Security Vulnerability
NLnet Labs Routinator is an RPKI (Resource Public Key Infrastructure) validator written in Rust by NLnet Labs in the Netherlands. A security vulnerability exists in Routinator version 0.12.1 and earlier, which stems from insufficient input checking and may crash whe...
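RPKI objects are DER-encoded ASN.1 (CMS and X.509 structures), and bcder is the BER/DER decoding library that Routinator uses. The three entries above do not say which check was missing, so the block below is an added example of the general defence they point at, not bcder's code and not the actual bug: a length decoder and TLV walker that bounds-check every read, written in Python (rather than Rust) to match the other examples on this page. The `GOOD` and `MALFORMED` byte strings are constructed samples.

```python
class DerError(ValueError):
    """Raised for any malformed encoding; callers get one exception type."""


def decode_length(buf, pos):
    """Decode a BER/DER length field at buf[pos] -> (length, position after it).
    Every read is bounds-checked against len(buf), so a truncated or oversized
    length field raises DerError instead of an unexpected IndexError."""
    if pos >= len(buf):
        raise DerError("length byte missing")
    first = buf[pos]
    pos += 1
    if first < 0x80:                      # short form: one byte
        return first, pos
    if first == 0x80:
        raise DerError("indefinite length is not allowed in DER")
    n = first & 0x7F                      # long form: n following bytes
    if n > 4:
        raise DerError(f"length-of-length {n} is larger than this decoder accepts")
    if pos + n > len(buf):
        raise DerError("truncated length field")
    length = int.from_bytes(buf[pos:pos + n], "big")
    # DER requires the shortest encoding: reject values that would have fit
    # in fewer bytes (or in the short form).
    if length < 0x80 or (n > 1 and length < (1 << (8 * (n - 1)))):
        raise DerError("non-minimal length encoding")
    return length, pos + n


def decode_tlv(buf, pos=0):
    """Decode one tag-length-value triple at buf[pos] (single-byte tags only).
    Returns (tag, value bytes, position after the value). The claimed length
    is checked against the bytes actually present before slicing."""
    if pos >= len(buf):
        raise DerError("tag byte missing")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise DerError("multi-byte tags are not handled by this example")
    length, pos = decode_length(buf, pos + 1)
    if length > len(buf) - pos:
        raise DerError(f"value claims {length} bytes but only {len(buf) - pos} remain")
    return tag, buf[pos:pos + length], pos + length


def decode_integer_sequence(buf):
    """Parse SEQUENCE { INTEGER, ... } into a list of Python ints."""
    tag, body, end = decode_tlv(buf)
    if tag != 0x30:
        raise DerError("expected SEQUENCE")
    if end != len(buf):
        raise DerError("trailing bytes after SEQUENCE")
    values, pos = [], 0
    while pos < len(body):
        tag, value, pos = decode_tlv(body, pos)
        if tag != 0x02:
            raise DerError("expected INTEGER")
        if not value:
            raise DerError("INTEGER with empty contents")
        values.append(int.from_bytes(value, "big", signed=True))
    return values


def parse_result(buf):
    """('ok', values) or ('rejected', reason); never an uncaught exception."""
    try:
        return ("ok", decode_integer_sequence(buf))
    except DerError as exc:
        return ("rejected", str(exc))


# Constructed samples (hex): one valid object and several malformed ones.
GOOD = bytes.fromhex("3006 020105 0201ff")                 # SEQUENCE { 5, -1 }
MALFORMED = {
    "oversized length": bytes.fromhex("3084ffffffff"),     # claims a 4 GiB body
    "truncated length": bytes.fromhex("308201"),           # says 2 length bytes, has 1
    "indefinite length": bytes.fromhex("3080 020105 0000"),
    "non-minimal length": bytes.fromhex("3081 06 020105 0201ff"),
    "truncated value": bytes.fromhex("3006 020105 0201"),
}


if __name__ == "__main__":
    print("good:", parse_result(GOOD))
    for name, sample in MALFORMED.items():
        print(f"{name}: {parse_result(sample)}")
```

The point of `parse_result` is that a validator fed objects from arbitrary repositories must turn every malformed encoding into a rejected object, never into a crash of the whole process; a panic on one bad length field is the availability impact the entries above describe.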