AZL-26772 CVE-2023-28625 affecting package mod_auth_openidc for versions less than 2.4.14.2-1
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur,...
PT-2023-17250 · Sourcecodester · Sourcecodester Simple Mobile Comparison Website
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Mobile Comparison Website version 1.0 Description: A critical issue was found in the file /admin/fields/manage_field.php of the component GET Parameter Handler. The manipulation of the id argument leads to SQL injection...
PT-2023-17230 · Sourcecodester · Sourcecodester Grade Point Average Gpa Calculator
Name of the Vulnerable Software and Affected Versions: SourceCodester Grade Point Average GPA Calculator version 1.0 Description: A critical issue has been found, affecting the function get_scale of the file Master.php. The manipulation of the argument perc leads to SQL injection. The attack can ...
Use of hard-coded, security-relevant constants in deepset-ai/haystack
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack in version 1.15.0 and prior. A patch is available at commit 5fc84904f198de661d5b933fde756aa922bf09f1...
WordPress Swatchly – WooCommerce Variation Swatches for Products Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Swatchly – WooCommerce Variation Swatches for Products; Type: Plugin; Vulnerable versions: <= 1.2.0; Fixed in: 1.2.1; OWASP Top 10: A5 Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-23792; Patch priority: Low; CVSS severity: Low (4.3); PSID...
PT-2023-17189
Name of the Vulnerable Software and Affected Versions: deepset-ai/haystack versions prior to 0.1.30; deepset-ai/haystack version 1.15.0 and prior. Description: The issue is related to the use of hard-coded, security-relevant constants in the GitHub repository deepset-ai/haystack. A patch is available...
PT-2023-20953 · Unknown · Opengoofy Hippo4J
Name of the Vulnerable Software and Affected Versions: OpenGoofy Hippo4j version 1.4.3 Description: The issue allows an attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module. Recommendations: For OpenGoofy Hippo4j version 1.4.3, consider...
PT-2023-17129 · Unknown · Jiangmin Antivirus
Name of the Vulnerable Software and Affected Versions: Jiangmin Antivirus version 16.2.2022.418 Description: A vulnerability was found in the library kvcore.sys of the component IoControlCode Handler, which can lead to denial of service. The manipulation can be launched on the local host. The...
CVE-2024-28182 affecting package rust for versions less than 1.68.0-1
CVE-2024-28182 affecting package rust for versions less than 1.68.0-1. A patched version of the package is available...
CVE-2023-23004 affecting package kernel for versions less than 5.15.102.1-1
CVE-2023-23004 affecting package kernel for versions less than 5.15.102.1-1. A patched version of the package is available...
PT-2023-21030 · Swfdump · Swfdump
Name of the Vulnerable Software and Affected Versions: swfdump version 0.9.2 Description: A heap buffer overflow was discovered in the function swf_GetPlaceObject at swfobject.c. Recommendations: For swfdump version 0.9.2, consider disabling the swf_GetPlaceObject function as a temporary workarou...
PT-2023-17081 · Feifeicms · Feifeicms
Name of the Vulnerable Software and Affected Versions: FeiFeiCMS version 2.7.130201 Description: A vulnerability was found in the Extension Tool component, specifically affecting the file Publicsystemslide add.html. This issue leads to cross-site scripting and can be initiated remotely. The explo...
CVE-2023-28428 PDFio vulnerable to Denial Of Service when opening a corrupt PDF file
PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue ...
PT-2023-17047 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.19 Description: The issue is related to DOM-based Cross-site Scripting (XSS), which has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or...
PT-2023-17032 · Rebuild · Rebuild
Name of the Vulnerable Software and Affected Versions: Rebuild versions up to 3.2.3 Description: A critical vulnerability was found in the function queryListOfConfig of the file /admin/robot/approval/list. The manipulation of the argument q leads to SQL injection. The attack can be launched...
Design/Logic Flaw
Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...
CVE-2023-27591 Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics
Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICS_COLLECTOR configuration option is enabled and METRICS_ALLOWED_NETWORKS is set to 127.0.0.1/8 (the default). A patch is available in...
UBUNTU-CVE-2023-1449
A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The explo...
CVE-2023-26545 affecting package kernel 5.10.168.1-1
CVE-2023-26545 affecting package kernel 5.10.168.1-1. A patched version of the package is available...
WordPress Open Graphite Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)
Software: Open Graphite; Type: Plugin; Vulnerable versions: <= 1.6.0; Fixed in: 1.6.1; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-47439; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 2e0d810c3c50; Credits: minhtuanact; Require...