PT-2023-9687 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js version 20. Description: A flaw in the experimental permission model of Node.js version 20 allows malicious actors to retrieve stats from files they do not have explicit read access to when the --allow-fs-read flag is used with a non-...
CVE-2023-35172 Nextcloud Server password reset endpoint is not brute force protected
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until...
WordPress Photo Gallery by Ays Plugin < 5.1.7 is vulnerable to Cross Site Scripting (XSS)
Software: Photo Gallery by Ays; Type: Plugin; Vulnerable versions: < 5.1.7; Fixed in: 5.1.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2568; Patch priority: High; CVSS severity: High (7.1); PSID: 1b5a7b5e5c1c; Credits: Erwan LR WPScan...
PT-2023-18600 · Suse · Suse Manager Server Module +1
Name of the Vulnerable Software and Affected Versions: SUSE Manager Server Module 4.2 versions prior to 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3 versions prior to 4.3.58-150400.3.46.4; NeuVector (affected versions not specified). Description: A user can reverse engineer the JSON Web Token...
PT-2023-11560 · Taogogo · Taocms
Name of the Vulnerable Software and Affected Versions: taogogo taoCMS version 2.5 beta5.1. Description: The issue allows a remote attacker to execute arbitrary code via the name field in "admin.php". This is a Cross Site Scripting vulnerability. Recommendations: For version 2.5 beta5.1, as a...
CVE-2023-34454 snappy-java's Integer Overflow vulnerability in compress leads to DoS
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function compress(char[] input) in the file Snappy.java receives an array of characters and compresses it. I...
CVE-2023-34453 snappy-java's Integer Overflow vulnerability in shuffle leads to DoS
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function shuffle(int[] input) in the file BitShuffle.java receives an array of integers and applies a bit shuffle on it. It...
PT-2023-24794 · Pulse Secure · Pulse Secure Client
Name of the Vulnerable Software and Affected Versions: Pulse Secure Client (affected versions not specified). Description: This issue allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged co...
CVE-2023-31436 affecting package kernel 5.10.179.1-1
CVE-2023-31436 affecting package kernel 5.10.179.1-1. A patched version of the package is available...
WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.4.0 is vulnerable to Broken Access Control
Software: WooCommerce Stripe Payment Gateway; Type: Plugin; Vulnerable versions: <= 7.4.0; Fixed in: 7.4.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-35049; Patch priority: Low; CVSS severity: Low (7.5); PSID: e9d7b3efee69; Credits: Rafie...
WordPress Catalyst Connect Zoho CRM Client Portal Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Catalyst Connect Zoho CRM Client Portal; Type: Plugin; Vulnerable versions: <= 2.0.0; Fixed in: 2.1.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0588; Patch priority: High; CVSS severity: High (7.1); PSID: 2843a5139fb1; Credit...
CVE-2023-32690 Responder can Invoke Undefined Behavior in libspdm Requester
libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that...
CVE-2023-33965 Brook's tproxy server is vulnerable to a drive-by command injection.
Brook is a cross-platform programmable network tool. The tproxy server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local tproxy service leading to remote code execution. A patch is available in...
CVE-2023-33979 gpt_academic's Configuration File vulnerable to File Information Disclosure
gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnerability was found in gpt_academic 3.37 and prior. This issue affects some unknown processing of the component Configuration File Handler. The manipulation of the argument file leads to information disclosure. Since no sensitive...
CVE-2023-33979
The CVE-2023-33979 issue affects gpt_academic (3.37 and earlier), where improper handling of the Configuration File Handler allows manipulation of the file argument resulting in information disclosure. Read access via the /file route can leak sensitive information from working directories, partic...
Pleasanter vulnerable to cross-site scripting
Overview: Pleasanter, provided by Implem Inc., contains a cross-site scripting vulnerability (CWE-79). Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Implem Inc. and Implem Inc. reported it to IPA. JPCERT/CC and Implem Inc. coordinated under the Information Security...
PT-2023-24412 · H3C · H3C Magic R300
Name of the Vulnerable Software and Affected Versions: H3C Magic R300 version R300-2100MV100R004. Description: A stack overflow issue was discovered via the UpdateSnat interface at the "/goform/aspForm" API endpoint. This issue affects the H3C Magic R300 device. Recommendations: For H3C Magic R300...
CVE-2023-33973 RIOT-OS vulnerable to NULL pointer dereference during NHC encoding
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference...
PT-2023-22440 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.22. Description: A path traversal issue exists, allowing an attacker to overwrite or modify sensitive files by manipulating the pimcore log parameter. This can lead to potential denial of service due to k...
PT-2023-3739 · Advantech · Advantech Webaccess
Name of the Vulnerable Software and Affected Versions: Advantech WebAccess version 8.4.5. Description: The issue is related to insufficient authentication data validation in the software. An attacker could exploit this by tricking an authenticated user into loading a maliciously crafted .zip file,...