PT-2023-22642 · Emlog Pro · Emlog Pro
Name of the Vulnerable Software and Affected Versions: Emlog Pro version 2.0.3 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article Summary parameters. This enables the execution of malicious scripts,...
CVE-2023-29202 org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability
XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter content was set to true. This allowed arbitrary HTML and in particular...
PT-2023-22328 · Bloofox · Bloofox
Name of the Vulnerable Software and Affected Versions: bloofox version 0.5.2 Description: The issue is related to a SQL injection vulnerability. It affects the component "/index.php?mode=content&page=pages&action=edit&eid=1". Recommendations: For bloofox version 0.5.2, consider restricting access...
PT-2023-22761 · Jenkins · Jenkins Turboscript Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins TurboScript Plugin versions 1.3 and earlier Description: A missing permission check in the plugin allows attackers with Item/Read permission to trigger builds of jobs corresponding to the attacker-specified repository. Recommendations...
PT-2023-2467 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient access control in the Win32k component of the Windows operating system. This can allow an attacker to elevate their privileges. There is no information...
CVE-2023-20679
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588453...
PT-2023-16990 · Unknown · Watchdog Anti-Virus
Name of the Vulnerable Software and Affected Versions: Watchdog Anti-Virus version 1.4.214.0 Description: A problematic vulnerability was found in Watchdog Anti-Virus, affecting the function in the library wsdk-driver.sys of the component IoControlCode Handler. This leads to denial of service. Th...
PT-2023-12849 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The provided information does not contain details about the issue, such as its nature or potential impact. There is no mention of estimated...
PT-2023-13944 · Siretta · Siretta Quartz-Gold
Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020 Description: The issue concerns stack-based buffer overflow vulnerabilities in the DetranCLI command parsing functionality. A specially-crafted network packet can lead to arbitrary command...
PT-2023-1233 · Microsoft · Dwm Core Library +1
Name of the Vulnerable Software and Affected Versions: Microsoft DWM Core Library affected versions not specified Description: The issue is related to insufficient access control in the Microsoft DWM Core Library of Windows operating systems. It allows an attacker to elevate their privileges,...
CVE-2022-32636
In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07510064...
PT-2022-28223 · Crates.Io · Mpl-Bubblegum +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue allowed verification of a creator that did not sign by utilizing a provision in Token Metadata. This provision enables creators who have signed compressed NFTs to decompress...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to CVE-2022-2124, CVE-2022-2125, CVE-2022-2126 and CVE-2022-2129
Summary Vim is not used directly by IBM App Connect Enterprise Certified Container but is present in the operand images as part of the base operating system. Use of vim within IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution. This bulletin...
PT-2022-12629 · Lanner · Iac-Ast2500A
Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A version 1.10.0 Description: Session fixation and insufficient session expiration vulnerabilities allow an attacker to perform session hijacking attacks against users. Recommendations: For Lanner Inc IAC-AST2500A versio...
PT-2022-26293 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the "/goform/formSetFirewallCfg" API endpoint. Recommendations: For Tenda AC10 version 15.03.06.23, as...
PT-2022-5278 · D Link · D-Link Covr
Name of the Vulnerable Software and Affected Versions: D-Link COVR versions 1200, 1202, 1203 v1.08 Description: The issue is related to a command injection vulnerability in the SetNetworkTomographySettings function. This vulnerability can be exploited via the tomography ping number parameter,...
PT-2022-14656 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a missing authorization in the system service, which lacks permission checks and protection. This results in a local elevation of privilege. Recommendations: For...
PT-2022-5427 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient access restrictions in the Windows Local Security Authority LSA component, which can be exploited to elevate privileges. This allows an attacker to affe...
PT-2022-25677 · Pdf Xchange · Pdf-Xchange Editor
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a...
PT-2022-25762 · Jenkins · Jenkins Bigpanda Notifier Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins BigPanda Notifier Plugin versions 1.4.0 and earlier Description: The issue concerns the storage of the BigPanda API key in an unencrypted form within the global configuration file on the Jenkins controller. This file can be accessed b...