7686 matches found
Exploit for CVE-2023-31497
EPScalate An elevation of privilege vulnerability in QuickHeal...
vm2 vulnerable to sandbox escape
vm2 was not properly handling host objects passed to Error.prepareStackTrace in case of unhandled async errors. - vm2 version: 3.9.14 - Node version: 18.15.0, 19.8.1, 17.9.1 Impact A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the...
CVE-2023-28500
A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe LiveCycle ES4 version 11.0.1 and later may...
RLSA-2023:1591 Important: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: webpack: avoid cross-realm objects CVE-2023-28154 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...
vm2 安全漏洞
vm2 is an advanced virtual machine/sandbox for Node.js by individual developer Patrik Simek in the Czech Republic. to run untrusted code using whitelisted Node built-in modules. A security vulnerability exists in vm2 versions prior to 3.9.15 that stems from vm2 not properly handling passed host...
CVE-2023-28500
A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe LiveCycle ES4 version 11.0.1 and later may...
UBUNTU-CVE-2023-0842
xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...
[SECURITY] Fedora 37 Update: rubygem-activerecord-7.0.4.3-1.fc37
Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
The vulnerability of the MinIO object storage server is related to errors during permission saving, which allow a malicious actor to delete managed objects.
The vulnerability of the MinIO object storage server is related to errors during permission saving. Exploiting this vulnerability could allow an attacker to delete managed objects...
postgresql: Extension scripts replace objects not belonging to the extension.
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...
Important: Red Hat Security Advisory: pcs security update
An update for pcs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
ALSA-2023:1591 Important: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: webpack: avoid cross-realm objects CVE-2023-28154 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...
The vulnerability of the QvsViewClient client of the QlikView analytics platform allows a perpetrator to execute cross-site scripting attacks.
The vulnerability of the QvsViewClient client of the QlikView analytics platform is related to the lack of measures taken to protect the structure of the web page when creating interactive objects. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by...
AZL-43621 CVE-2023-0225 affecting package samba 4.12.5-7
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory...
Fedora: Security Advisory for rubygem-activerecord (FEDORA-2023-d6157bb1e2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: rubygem-activerecord-7.0.4.3-1.fc38
Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
GHSA-FG7X-G82R-94QC Ruby Time component ReDoS issue
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...
PT-2023-13006 · Avanquest · Pdfescape Online +1
Name of the Vulnerable Software and Affected Versions: Avanquest Software RAD PDF PDFEscape Online version 3.19.2.2 Description: The PDFEscape Online tool has a "white out" functionality for redacting images, text, and other graphics from a PDF document. However, this mechanism does not remove...
CVE-2022-43649
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.2.12465. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2022-43649
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.2.12465. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...