4571 matches found
PYSEC-2023-269
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and...
CVE-2023-40017 Geonode Server Side Request Forgery vulnerability
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and...
PT-2023-27465 · Maxon · Maxon Cinema 4D
Name of the Vulnerable Software and Affected Versions: Maxon Cinema 4D affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this issue, where the target must...
PT-2023-27075 · Icewarp · Icewarp Mail Server
Name of the Vulnerable Software and Affected Versions: IceWarp Mail Server version 10.4.5 Description: The issue is related to a local file inclusion (LFI) vulnerability. It affects the /calendar/minimizer/index.php component, allowing attackers to include or execute files from the local file syste...
PT-2023-5034 · Cisco · Cisco Fxos
Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software affected versions not specified Description: A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device,...
Cockpit Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit version 2.6.3 and prior. A patch is available at commit 36d1d4d256cbbab028342ba10cc493e5c119172c and anticipated to be part of version 2.6.4...
Cockpit Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit version 2.6.3 and prior. A patch is available at commit 2a93d391fbd2dd9e730f65d43b29beb65903d195 and anticipated to be part of version 2.6.4...
PT-2023-29131 · Ruijie · Ruijie Rg-Ew1200G
Name of the Vulnerable Software and Affected Versions: Ruijie RG-EW1200G version 07161417 r483 Description: A critical issue affects some unknown functionality of the /api/sys/login API endpoint, leading to improper authentication. The attack can be launched remotely. The exploit has been disclos...
PT-2023-4468 · D Link · D-Link Dir-880L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-880 A1 FW107WWb08 Description: The issue is related to a NULL pointer dereference in the FUN 00010824 function. This can potentially allow a remote attacker to cause a denial of service. Recommendations: For D-Link DIR-880 A1...
PT-2023-26988 · Unknown · Rikunabi Next App
Name of the Vulnerable Software and Affected Versions: Rikunabi NEXT App for Android versions prior to 11.5.0 Description: The issue is related to improper authorization in the custom URL scheme handler, allowing a malicious intent to lead the vulnerable App to access an arbitrary website...
CVE-2023-38432 affecting package kernel 5.10.185.1-1
CVE-2023-38432 affecting package kernel 5.10.185.1-1. A patched version of the package is available...
CVE-2023-38427 affecting package kernel 5.10.185.1-1
CVE-2023-38427 affecting package kernel 5.10.185.1-1. A patched version of the package is available...
CVE-2022-45884 affecting package kernel 5.10.185.1-1
CVE-2022-45884 affecting package kernel 5.10.185.1-1. A patched version of the package is available...
CVE-2022-48502 affecting package kernel 5.10.185.1-1
CVE-2022-48502 affecting package kernel 5.10.185.1-1. A patched version of the package is available...
GHSA-3VF5-XM2P-6MH5 Cockpit Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit 2.6.2 and prior. A patch is available at commit 34ab31ee9362da51b9709e178469dbffd7717249...
PT-2023-7521 · Sierra Wireless · Aleos
Name of the Vulnerable Software and Affected Versions: ALEOS versions 4.16 and earlier Description: The issue is related to the use of hardcoded credentials in the debugging mode of the ALEOS operating system for Sierra Wireless MP70, RV50x, RV55, LX40, LX60, ES450, GX450 wireless routers. When...
PT-2023-27360 · Harman · Harman Infotainment
Name of the Vulnerable Software and Affected Versions: Harman Infotainment versions 20190525031613 and later Description: The issue discloses the IP address via CarPlay CTRL packets. Recommendations: For Harman Infotainment versions 20190525031613 and later, consider restricting access to CarPlay...
SUSE CVE-2023-39962
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a malicious user could delete any personal or global external...
PT-2023-4900 · Eprosima +2 · Eprosima Fast Dds +2
Name of the Vulnerable Software and Affected Versions: eprosima Fast DDS versions prior to 2.10.0 and 2.6.5 Description: The issue is related to insufficient handling of exceptional states in the eprosima Fast DDS library, which is a C++ implementation of the Data Distribution Service standard of...