4571 matches found

CVE
added 2023/10/06 1:46 p.m. · 140 views

CVE-2023-38703

CVE-2023-38703 affects the PJSIP library when SRTP is enabled and the underlying transport is not UDP. The issue is a use-after-free in the higher-level SRTP path that is not synchronized with the lower transport, potentially causing memory corruption or application termination. The description n...

CVSS 9.8 · AI score 9.4 · EPSS 0.0128
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2023/10/02 12:00 a.m. · 4 views

PT-2023-29063 · Unknown · Mojoportal

Name of the Vulnerable Software and Affected Versions: mojoPortal version 2.7.0.0 Description: The issue allows a remote attacker to execute arbitrary code via the File Manager function. This is a result of a File Upload vulnerability. Recommendations: For mojoPortal version 2.7.0.0, consider...

CVSS 9.8 · AI score 9.9 · EPSS 0.01285
Exploits 1 · References 5
Positive Technologies
added 2023/09/29 12:00 a.m. · 3 views

PT-2023-32038 · Unknown · Microweber

Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 2.0 Description: The issue concerns the use of hard-coded credentials in the GitHub repository microweber/microweber. A patch is available and is anticipated to be part of version 2.0. Recommendations:...

CVSS 7.5 · AI score 5.8 · EPSS 0.00541
Exploits 0 · References 9
Tenable Nessus
added 2023/09/26 12:00 a.m. · 120 views

Notepad++ < 8.5.7 Multiple Buffer Overflow Vulnerabilities

The version of Notepad++ installed on the remote host is prior to 8.5.7. It is, therefore, affected by multiple buffer overflow vulnerabilities. An authenticated, local attacker could exploit these to cause a denial of service condition or the execution of arbitrary code. Note that Nessus has not...

CVSS 7.8 · AI score 6.6 · EPSS 0.00549
Exploits 4 · References 5
Amazon
added 2023/09/25 12:00 a.m. · 6 views

Important: redis

Issue Overview: Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis BIT commands are vulnerable to integ...

CVSS 7.5 · AI score 8.6 · EPSS 0.31049
Exploits 0
OSV
added 2023/09/21 3:15 p.m. · 21 views

PYSEC-2023-178

plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the ++api++ traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less...

CVSS 7.5 · AI score 5.9 · EPSS 0.00822
Exploits 0 · References 4
Positive Technologies
added 2023/09/20 12:00 a.m. · 6 views

PT-2023-28639 · Frauscher Sensortechnik Gmbh · Fds101

Name of the Vulnerable Software and Affected Versions: Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi versions 1.4.24 and all previous versions Description: The issue is related to a SQL injection vulnerability that can be exploited via manipulated parameters of the web interface without...

CVSS 5.3 · AI score 5.4 · EPSS 0.00384
Exploits 0 · References 7
NVD
added 2023/09/19 3:15 p.m. · 34 views

CVE-2023-42447

blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on...

CVSS 8.6 · AI score 8.6 · EPSS 0.00515
Exploits 0 · References 1
Prion
added 2023/09/19 3:15 p.m. · 19 views

Design/Logic Flaw

blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on...

CVSS 5 · AI score 7.5 · EPSS 0.00515
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/09/15 8:15 p.m. · 3 views

DEBIAN-CVE-2023-40167

Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests...

CVSS 5.3 · AI score 6.5 · EPSS 0.01069
Exploits 0 · References 1
CBLMariner
added 2023/09/13 2:10 a.m. · 168 views

CVE-2023-3817 affecting package rust for versions less than 1.68.2-5

CVE-2023-3817 affecting package rust for versions less than 1.68.2-5. A patched version of the package is available...

CVSS 5.3 · AI score 6.3 · EPSS 0.02577
Exploits 0
OSV
added 2023/09/11 8:43 p.m. · 3 views

GHSA-JCR6-4FRQ-9GJJ Users vulnerable to unaligned read of `*const *const c_char` pointer

Affected versions dereference a potentially unaligned pointer. The pointer is commonly unaligned in practice, resulting in undefined behavior. In some build modes, this is observable as a panic followed by abort. In other build modes the UB may manifest in some other way, including the possibilit...

AI score 5.9
Exploits 0 · References 3
Positive Technologies
added 2023/09/09 12:00 a.m. · 3 views

PT-2023-32827 · WordPress · User Shortcodes Plus

Name of the Vulnerable Software and Affected Versions: User Shortcodes Plus plugin for WordPress versions up to, and including, 2.0.2 Description: The issue is related to Insecure Direct Object Reference, which affects the user meta shortcode due to missing validation on a user-controlled key. Th...

CVSS 5.3 · AI score 9.3 · EPSS 0.00472
Exploits 0 · References 8
OSV
added 2023/09/04 5:32 p.m. · 3 views

CVE-2023-41055 LibreY Server-Side Request Forgery (SSRF) vulnerability via wikipedia_language cookie

LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery SSRF vulnerability in the engines/google/text.php and engines/duckduckgo/text.php files in versions before commit...

CVSS 7.5 · AI score 7.2 · EPSS 0.00729
Exploits 1 · References 4
CBLMariner
added 2023/08/30 3:15 p.m. · 18 views

CVE-2023-3439 affecting package hyperv-daemons for versions less than 5.15.126.1-1

CVE-2023-3439 affecting package hyperv-daemons for versions less than 5.15.126.1-1. A patched version of the package is available...

CVSS 4.7 · AI score 5.7 · EPSS 0.00331
Exploits 0
CBLMariner
added 2023/08/30 2:44 p.m. · 17 views

CVE-2023-37460 affecting package javapackages-bootstrap for versions less than 1.5.0-4

CVE-2023-37460 affecting package javapackages-bootstrap for versions less than 1.5.0-4. A patched version of the package is available...

CVSS 9.8 · AI score 9.6 · EPSS 0.0207
Exploits 1
Positive Technologies
added 2023/08/29 12:00 a.m. · 4 views

PT-2023-27019 · Audimexee · Audimexee

Name of the Vulnerable Software and Affected Versions: AudimexEE version 15.0 Description: The issue is related to multiple reflected cross-site scripting XSS vulnerabilities. These vulnerabilities are present in the Show Kai Data component. Cross-site scripting XSS is a type of security...

CVSS 6.1 · AI score 6.3 · EPSS 0.00416
Exploits 1 · References 7
Positive Technologies
added 2023/08/29 12:00 a.m. · 3 views

PT-2023-8675 · Zbar +5 · Zbar +5

Name of the Vulnerable Software and Affected Versions: ZBar version 0.23.90 Description: A heap-based buffer overflow exists in the qr reader match centers function. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this issue, an attacker c...

CVSS 10 · AI score 7.7 · EPSS 0.01787
Exploits 0 · References 56
PyPA
added 2023/08/24 11:15 p.m. · 5 views

PYSEC-2023-269

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and...

CVSS 7.5 · AI score 6.7 · EPSS 0.00638
Exploits 1 · References 3 · Affected Software 1
Prion
added 2023/08/24 11:15 p.m. · 21 views

Server side request forgery (ssrf)

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and...

CVSS 5 · AI score 7.4 · EPSS 0.00638
Exploits 1 · References 2 · Affected Software 1