
4570 matches found

Vulnrichment
added 2023/03/17 7:4 p.m. · 6 views

CVE-2023-27591 Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics

Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICS_COLLECTOR configuration option is enabled and METRICS_ALLOWED_NETWORKS is set to 127.0.0.1/8 (the default). A patch is available in...

CVSS: 7.5 · AI score: 7.6 · EPSS: 0.00755
Exploits: 0 · References: 4
OSV
added 2023/03/17 7:15 a.m. · 0 views

UBUNTU-CVE-2023-1449

A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The explo...

CVSS: 7.8 · AI score: 5.6 · EPSS: 0.0037
Exploits: 1 · References: 3
CBLMariner
added 2023/03/16 3:40 a.m. · 29 views

CVE-2023-26545 affecting package kernel 5.10.168.1-1

CVE-2023-26545 affecting package kernel 5.10.168.1-1. A patched version of the package is available...

CVSS: 4.7 · AI score: 8.5 · EPSS: 0.00331
Exploits: 0
Patchstack
added 2023/03/16 12:0 a.m. · 10 views

WordPress Open Graphite Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)

Software: Open Graphite. Type: Plugin. Vulnerable versions: <= 1.6.0. Fixed in: 1.6.1. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2022-47439. Patch priority: Medium. CVSS severity: Medium (7.1). PSID: 2e0d810c3c50. Credits: minhtuanact. Require...

CVSS: 7.1 · AI score: 5.6 · EPSS: 0.00382
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/03/15 12:0 a.m. · 2 views

PT-2023-21344 · Jpegoptim +1 · Jpegoptim +1

Name of the Vulnerable Software and Affected Versions: jpegoptim version 1.5.2
Description: A heap overflow can occur with crafted JPEG image files, specifically in the optimize function at jpegoptim.c. This issue is related to the processing of JPEG images.
Recommendations: For jpegoptim version...

CVSS: 7.8 · AI score: 7.4 · EPSS: 0.00393
Exploits: 1 · References: 17
OSV
added 2023/03/14 5:15 p.m. · 1 views

ALPINE-CVE-2023-27585

PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.0233
Exploits: 1 · References: 1
Positive Technologies
added 2023/03/14 12:0 a.m. · 2 views

PT-2023-21230 · Rizin · Rizin

Name of the Vulnerable Software and Affected Versions: Rizin versions 0.5.1 and prior
Description: Rizin is a UNIX-like reverse engineering framework and command-line toolset. Converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when th...

CVSS: 7.8 · AI score: 7.6 · EPSS: 0.00315
Exploits: 0 · References: 10
NVD
added 2023/03/10 9:15 p.m. · 10 views

CVE-2022-37939

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and...

CVSS: 5.5 · AI score: 4.2 · EPSS: 0.0019
Exploits: 0 · References: 1
GitHub Security Blog
added 2023/03/08 12:30 p.m. · 23 views

Easy!Appointments uses hard-coded credentials

Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments 1.4.3 and prior. A patch is available and anticipated to be part of version 1.5.0...

CVSS: 9.8 · AI score: 9 · EPSS: 0.00743
Exploits: 1 · References: 4 · Affected Software: 1
Positive Technologies
added 2023/03/08 12:0 a.m. · 2 views

PT-2023-1907 · Unknown · Mxsecurity

Name of the Vulnerable Software and Affected Versions: MXsecurity version 1.0
Description: The issue is related to a command injection vulnerability in the SSH CLI program of MXsecurity. This vulnerability can be exploited by attackers who have gained authorization privileges, allowing them to...

CVSS: 10 · AI score: 8.8 · EPSS: 0.01456
Exploits: 0 · References: 8
Positive Technologies
added 2023/03/06 12:0 a.m. · 12 views

PT-2023-20493 · Dot-Lens · Dot-Lens

Name of the Vulnerable Software and Affected Versions: dot-lens versions all
Description: The issue concerns Prototype Pollution via the set function in the index.js file. This affects all versions of the dot-lens package. There is no information provided about the estimated number of potentially...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.00947
Exploits: 1 · References: 9
Positive Technologies
added 2023/03/06 12:0 a.m. · 8 views

PT-2023-16810 · Wisecleaner · Wise Folder Hider +1

Name of the Vulnerable Software and Affected Versions: WiseCleaner Wise Folder Hider version 4.4.3.202
Description: A vulnerability was found in the WiseCleaner Wise Folder Hider software, affecting the function in the library WiseFs64.sys of the component IoControlCode Handler. The manipulation...

CVSS: 5.5 · AI score: 7 · EPSS: 0.00381
Exploits: 2 · References: 6
GitHub Security Blog
added 2023/03/03 3:30 a.m. · 18 views

Cockpit Uses Platform-Dependent Third Party Components

Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit 2.3.9 and prior. A patch is available and anticipated to be part of version 2.4.0...

CVSS: 5.5 · AI score: 5.6 · EPSS: 0.00349
Exploits: 1 · References: 4 · Affected Software: 1
Vulnrichment
added 2023/03/02 6:37 p.m. · 8 views

CVE-2023-26470 In XWiki Platform, saving a document with a large object number leads to persistent OOM errors

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number (e.g. 67108863). Most of the time this will fill the memory allocated to XWiki and make it unusable every...

CVSS: 5.7 · AI score: 7.1 · EPSS: 0.00855
Exploits: 1 · References: 5
Vulnrichment
added 2023/03/02 6:28 p.m. · 9 views

CVE-2023-26471 XWiki Platform users may execute anything with superadmin right through comments and async macro

XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode (anything dangerous is disabled), but the async macro does not take into account the restricted mode. This means that any user with...

CVSS: 9.9 · AI score: 7.2 · EPSS: 0.0092
Exploits: 1 · References: 3
Vulnrichment
added 2023/03/02 5:46 p.m. · 9 views

CVE-2023-26478 org.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function

XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment returns an instance of com.xpn.xwiki.doc.XWikiAttachment. This class is not supported to be exposed to users without the programming right...

CVSS: 6.6 · AI score: 7 · EPSS: 0.0067
Exploits: 1 · References: 3
CBLMariner
added 2023/03/02 4:18 a.m. · 13 views

CVE-2022-42329 affecting package kernel 5.10.167.1-1

CVE-2022-42329 affecting package kernel 5.10.167.1-1. A patched version of the package is available...

CVSS: 5.5 · AI score: 9.7 · EPSS: 0.0021
Exploits: 0
CBLMariner
added 2023/03/02 4:18 a.m. · 12 views

CVE-2022-36280 affecting package kernel 5.10.167.1-1

CVE-2022-36280 affecting package kernel 5.10.167.1-1. A patched version of the package is available...

CVSS: 6.3 · AI score: 6.8 · EPSS: 0.00591
Exploits: 0
Positive Technologies
added 2023/03/01 12:0 a.m. · 3 views

PT-2023-19418 · Jensen Of Scandinavia · Jensen Of Scandinavia Eagle 1200Ac

Name of the Vulnerable Software and Affected Versions: Jensen of Scandinavia Eagle 1200AC version V15.03.06.33 en
Description: A stack overflow issue was discovered via the wepkey1 parameter at the "/goform/WifiBasicSet" API endpoint.
Recommendations: For version V15.03.06.33 en, consider disabli...

CVSS: 6.5 · AI score: 6.7 · EPSS: 0.01104
Exploits: 1 · References: 6
Positive Technologies
added 2023/03/01 12:0 a.m. · 5 views

PT-2023-12423 · Unknown · Serenityos

Name of the Vulnerable Software and Affected Versions: SerenityOS affected versions not specified
Description: A critical issue has been found in SerenityOS, affecting the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. This issue...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.00934
Exploits: 1 · References: 7