
4571 matches found

Vulnrichment
added 2024/01/22 11:9 p.m. · 11 views

CVE-2024-23342 python-ecdsa vulnerable to Minerva attack on P-256

The ecdsa PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the...

7.4 CVSS · 7.4 AI score · 0.00985 EPSS
Exploits: 1 · References: 4
Cvelist
added 2024/01/22 11:9 p.m. · 68 views

CVE-2024-23342 python-ecdsa vulnerable to Minerva attack on P-256

The ecdsa PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the...

7.4 CVSS · 7.6 AI score · 0.00985 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2024/01/22 12:0 a.m. · 4 views

PT-2024-12024 · Jensen Of Scandinavia · Jensen Of Scandinavia Eagle 1200Ac

Name of the Vulnerable Software and Affected Versions: Jensen of Scandinavia Eagle 1200AC version V15.03.06.33 en Description: A command injection issue was discovered in the function formWriteFacMac, allowing attackers to execute arbitrary commands by manipulating the mac parameter. This enables...

7.8 CVSS · 8.6 AI score · 0.01258 EPSS
Exploits: 1 · References: 9
Amazon
added 2024/01/22 12:0 a.m. · 4 views

Important: sqlite

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

7.3 CVSS · 7.4 AI score · 0.01249 EPSS
Exploits: 1
Positive Technologies
added 2024/01/16 12:0 a.m. · 3 views

PT-2024-1191 · Oracle · Oracle Webcenter Content

Name of the Vulnerable Software and Affected Versions: Oracle WebCenter Content version 12.2.1.4.0 Description: The issue is related to insufficient input validation in the Content Server component of Oracle WebCenter Content, allowing an unauthenticated attacker with network access via HTTP to...

6.4 CVSS · 6 AI score · 0.00326 EPSS
Exploits: 0 · References: 6
OSV
added 2024/01/12 9:15 p.m. · 8 views

DEBIAN-CVE-2023-51698

Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CB...

8.8 CVSS · 7.8 AI score · 0.0234 EPSS
Exploits: 2 · References: 1
Cvelist
added 2024/01/12 8:27 p.m. · 21 views

CVE-2023-51698 Atril's CBT comic book parsing vulnerable to Remote Code Execution

Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CB...

9.6 CVSS · 9.6 AI score · 0.0234 EPSS
Exploits: 2 · References: 4
Vulnrichment
added 2024/01/12 8:27 p.m. · 4 views

CVE-2023-51698 Atril's CBT comic book parsing vulnerable to Remote Code Execution

Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CB...

9.6 CVSS · 7.5 AI score · 0.0234 EPSS
Exploits: 2 · References: 4
Positive Technologies
added 2024/01/11 12:0 a.m. · 5 views

PT-2024-1448 · Unknown · Rapid Scada

Name of the Vulnerable Software and Affected Versions: Rapid SCADA versions prior to Version 5.8.4 Description: The issue is related to a Zip Slip vulnerability in the unpacking routine, allowing an attacker to supply a malicious configuration file and achieve remote code execution. This can be...

9 CVSS · 8.9 AI score · 0.01233 EPSS
Exploits: 0 · References: 8
Positive Technologies
added 2024/01/11 12:0 a.m. · 4 views

PT-2024-14362 · Totolink · Totolink A3700R

Name of the Vulnerable Software and Affected Versions: TOTOlink A3700R version 9.1.2u.5822 B20200513 Description: The issue is related to a remote command execution (RCE) vulnerability. It can be exploited via the setTracerouteCfg function. Recommendations: For TOTOlink A3700R version 9.1.2u.5822...

9.8 CVSS · 9.4 AI score · 0.01668 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2024/01/11 12:0 a.m. · 4 views

PT-2024-14364 · Totolink · Totolink A3700R

Name of the Vulnerable Software and Affected Versions: TOTOlink A3700R version 9.1.2u.5822 B20200513 Description: The issue is related to a remote command execution (RCE) vulnerability. It can be exploited via the setOpModeCfg function. Recommendations: For TOTOlink A3700R version 9.1.2u.5822...

9.8 CVSS · 9.5 AI score · 0.01544 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2024/01/11 12:0 a.m. · 4 views

PT-2024-14361 · Totolink · Totolink A3700R

Name of the Vulnerable Software and Affected Versions: TOTOlink A3700R version 9.1.2u.5822 B20200513 Description: The issue is related to a remote command execution (RCE) vulnerability. It can be exploited via the NTPSyncWithHost function. Recommendations: For version 9.1.2u.5822 B20200513, conside...

9.8 CVSS · 9.5 AI score · 0.01668 EPSS
Exploits: 1 · References: 5
Positive Technologies
added 2024/01/10 12:0 a.m. · 5 views

PT-2024-13632 · Wwbn · Wwbn Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 Description: A cross-site scripting (xss) vulnerability exists in the function getOpenGraph videoName functionality. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a us...

9.6 CVSS · 6.6 AI score · 0.02268 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2024/01/10 12:0 a.m. · 3 views

PT-2024-1501 · Cisco · Cisco Telepresence Management Suite

Name of the Vulnerable Software and Affected Versions: Cisco TelePresence Management Suite affected versions not specified Description: The issue exists due to insufficient input validation by the web-based management interface, allowing an authenticated, remote attacker to conduct a cross-site...

5.5 CVSS · 6 AI score · 0.00358 EPSS
Exploits: 0 · References: 7
Positive Technologies
added 2024/01/10 12:0 a.m. · 3 views

PT-2024-1485 · Cisco · Cisco Prime Infrastructure +1

Name of the Vulnerable Software and Affected Versions: Cisco Prime Infrastructure (affected versions not specified), Cisco Evolved Programmable Network (EPN) Manager (affected versions not specified) Description: A vulnerability in the web-based management interface could allow an authenticated, remote...

4.8 CVSS · 4.8 AI score · 0.00358 EPSS
Exploits: 0 · References: 4
Patchstack
added 2024/01/10 12:0 a.m. · 12 views

WordPress List category posts Plugin <= 0.89.3 is vulnerable to Cross Site Scripting (XSS)

Software: List category posts; Type: Plugin; Vulnerable versions: <= 0.89.3; Fixed in: 0.89.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6994; Patch priority: Low; CVSS severity: Low (6.5); PSID: 1c18776c10d9; Credits: Ngô Thiên An ancor...

6.5 CVSS · 5.7 AI score · 0.0044 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2024/01/10 12:0 a.m. · 4 views

PT-2024-2984 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 776 Description: The issue is related to an improper neutralization of special elements used in an OS command, allowing OS command injection. This can enable the creation of a reverse shell and the execution o...

8.3 CVSS · 8.8 AI score · 0.00846 EPSS
Exploits: 0 · References: 8
Positive Technologies
added 2024/01/08 12:0 a.m. · 3 views

PT-2024-1560 · Sap · Sap S/4Hana Finance For Advanced Payment Management

Name of the Vulnerable Software and Affected Versions: SAP S/4HANA Finance for Advanced Payment Management - versions SAPSCORE 128, S4CORE 107 Description: The issue is related to improper authorization checks in the SAP S/4HANA Finance for Advanced Payment Management. This could allow an attacke...

6.5 CVSS · 6.8 AI score · 0.00274 EPSS
Exploits: 0 · References: 8
OSV
added 2024/01/06 12:15 p.m. · 2 views

DEBIAN-CVE-2023-51441

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2 CVSS · 7 AI score · 0.01213 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/01/06 12:0 a.m. · 5 views

PT-2024-14125 · Apache +2 · Apache Axis +2

Name of the Vulnerable Software and Affected Versions: Apache Axis versions through 1.3 Description: The issue is related to an Improper Input Validation vulnerability in Apache Axis, which allows users with access to the admin service to perform possible Server-Side Request Forgery (SSRF). This...

7.2 CVSS · 8.1 AI score · 0.01213 EPSS
Exploits: 0 · References: 33