Positive Technologies · added 2023/02/28 12:0 a.m.

PT-2023-21056 · Git +1 · Opencats

Affected software and versions: No specific software or versions are mentioned in the provided descriptions.
Description: Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious...

CVSS 5.4 · AI score 5.2 · EPSS 0.0053 · Exploits 1 · References 5
Positive Technologies · added 2023/02/28 12:0 a.m.

PT-2023-16739 · Unknown · Microweber

Affected software and versions: microweber/microweber versions prior to 1.3.3
Description: The issue is a stored cross-site scripting (XSS) flaw, which allows attackers to inject malicious scripts into the website. A patch is available and is anticipated to be part of...

CVSS 5.7 · AI score 5 · EPSS 0.00434 · Exploits 0 · References 10
CBLMariner · added 2023/02/24 1:54 a.m.

CVE-2023-23931 affecting package python-cryptography for versions less than 3.3.2-4

CVE-2023-23931 affects package python-cryptography for versions less than 3.3.2-4. A patched version of the package is available...

CVSS 6.5 · AI score 7.2 · EPSS 0.01301 · Exploits 1
Positive Technologies · added 2023/02/24 12:0 a.m.

PT-2023-3640 · Sage · Sage X3

Affected software and versions: Sage X3 version 12.14.0.50-0
Description: The issue is a cross-site scripting (XSS) flaw in the Sage X3 web application. Some parts of the application are dynamically built from user inputs, but these inputs are not verified or filtered,...

CVSS 5.5 · AI score 5.7 · EPSS 0.00352 · Exploits 0 · References 7
Positive Technologies · added 2023/02/22 12:0 a.m.

PT-2023-5683 · Avast · Avast Premium Security

Affected software and versions: Avast Premium Security, affected versions not specified
Description: This issue allows local attackers to escalate privileges on affected installations. The flaw exists within the implementation of the sandbox feature due to incorrect...

CVSS 7.8 · AI score 7.7 · EPSS 0.00278 · Exploits 0 · References 8
Patchstack · added 2023/02/22 12:0 a.m.

WordPress Paytm Payment Gateway Plugin <= 2.7.3 is vulnerable to SQL Injection

Software: Paytm Payment Gateway · Type: Plugin · Vulnerable versions: <= 2.7.3 · Fixed in: 2.7.7
OWASP Top 10: A1: Injection · Classification: SQL Injection · CVE: CVE-2022-45805
Patch priority: Low · CVSS severity: 8.2 (High) · PSID: a951aa23af06 · Credits: Aman Rawat · Required privilege: Editor...

CVSS 9.8 · AI score 7.2 · EPSS 0.02327 · Exploits 0 · References 2 · Affected Software 1
SUSE CVE · added 2023/02/15 4:35 a.m.

SUSE CVE-2017-1000369

Exim supports the use of multiple "-p" command line arguments, which are malloc'ed and never freed; used in conjunction with other issues, this allows attackers to cause arbitrary code execution. This affects Exim version 4.89 and earlier. Please note that at this time upstream has released a patch...

CVSS 4 · AI score 9.7 · EPSS 0.00534 · Exploits 0 · References 9
SUSE CVE · added 2023/02/15 4:4 a.m.

SUSE CVE-2019-25085

A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to a use after free. It is possible to initiate the attack remotely. The name of the patch is...

CVSS 8.8 · AI score 6.7 · EPSS 0.00753 · Exploits 0 · References 3
SUSE CVE · added 2023/02/15 3:36 a.m.

SUSE CVE-2021-43815

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

CVSS 4.3 · AI score 8.7 · EPSS 0.01773 · Exploits 0 · References 18
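The Grafana entry above describes a directory traversal: a user-supplied .csv file name is not confined to the directory it is meant to come from. The block below is an added example, not Grafana's code or its fix. It shows the generic Go check a practitioner would want: join the name onto a fixed root, clean it, and then prove the result is still under that root before touching the filesystem. The root directory, function names and sample inputs are assumed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var (
	ErrNotCSV      = errors.New("only .csv files may be requested")
	ErrOutsideRoot = errors.New("requested path escapes the csv root")
)

// resolveCSVUnsafe joins the user-supplied name onto root with no confinement
// check. filepath.Join cleans the result, so "../" segments are resolved and a
// name such as "../../../etc/passwd.csv" quietly lands outside root.
func resolveCSVUnsafe(root, name string) string {
	return filepath.Join(root, name)
}

// resolveCSV is the hardened form: it requires a .csv extension, joins and
// cleans the path, then asks for the path relative to root and rejects any
// result that begins with "..", which is exactly the case where the cleaned
// path has climbed out of root.
// Assumptions: root is absolute and already cleaned. Symlinks inside root are
// not resolved here; use os.Root (Go 1.24+) or filepath.EvalSymlinks for that.
func resolveCSV(root, name string) (string, error) {
	if !strings.EqualFold(filepath.Ext(name), ".csv") {
		return "", ErrNotCSV
	}
	full := filepath.Join(root, name)
	rel, err := filepath.Rel(root, full)
	if err != nil {
		return "", ErrOutsideRoot
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return full, nil
}

func main() {
	// Constructed root and inputs for the demonstration.
	root := filepath.Join(string(filepath.Separator), "var", "lib", "csv")
	for _, name := range []string{"sales.csv", "sub/../other.csv", "../../../etc/passwd.csv", "notes.txt"} {
		p, err := resolveCSV(root, name)
		fmt.Printf("%-26s unsafe=%-26s safe=%q err=%v\n", name, resolveCSVUnsafe(root, name), p, err)
	}
}
```

The prefix test on the relative path is what makes this robust: comparing `strings.HasPrefix(full, root)` alone would accept a sibling directory such as `/var/lib/csv-old`, while `filepath.Rel` only ever yields a leading `..` when the target is genuinely outside the root.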
SUSE CVE · added 2023/02/15 3:30 a.m.

SUSE CVE-2022-3970

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to an integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and m...

CVSS 8.8 · AI score 7.2 · EPSS 0.01237 · Exploits 1 · References 11
SUSE CVE · added 2023/02/15 3:30 a.m.

SUSE CVE-2022-4639

A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msg/info leads to a format string vulnerability. The attack may be initiated remotely. The name of the...

CVSS 9.8 · AI score 9.2 · EPSS 0.00862 · Exploits 0 · References 3
SUSE CVE · added 2023/02/15 3:25 a.m.

SUSE CVE-2022-31129

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically, string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has...

CVSS 7.5 · AI score 6.8 · EPSS 0.03949 · Exploits 1 · References 11
Positive Technologies · added 2023/02/15 12:0 a.m.

PT-2023-9310 · Gpac +2 · Gpac +2

Affected software and versions: GPAC version 2.3-DEV-rev40-g3602a5ded
Description: A critical issue has been found in the mp3_dmx_process function of the file filters/reframe_mp3.c, which leads to a heap-based buffer overflow. The attack may be initiated remotely...

CVSS 10 · AI score 6.6 · EPSS 0.01153 · Exploits 1 · References 23
CBLMariner · added 2023/02/14 8:21 p.m.

CVE-2023-0266 affecting package kernel for versions less than 5.15.92.1-1

CVE-2023-0266 affects package kernel for versions less than 5.15.92.1-1. A patched version of the package is available...

CVSS 7.9 · AI score 7.3 · EPSS 0.03702 · Exploits 0
Vulnrichment · added 2023/02/14 3:4 p.m.

CVE-2023-25576 @fastify/multipart vulnerable to DoS due to unlimited number of parts

@fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in which an unlimited number of parts are accepted. This includes the multipart body parser accepting an...

CVSS 7.5 · AI score 7.5 · EPSS 0.01463 · Exploits 0 · References 5
Vulnrichment · added 2023/02/13 8:34 p.m.

CVE-2023-25162 Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise Server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeri...

CVSS 5.3 · AI score 5.6 · EPSS 0.00816 · Exploits 1 · References 3
Vulnrichment · added 2023/02/08 8:44 p.m.

CVE-2023-25163 Argo CD leaks repository credentials in user-facing error messages and in logs

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error...

CVSS 6.3 · AI score 6.6 · EPSS 0.00843 · Exploits 0 · References 4
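The Argo CD entry above is an output-sanitization bug: repository access credentials embedded in URLs reach error messages that are both shown to users and logged. The block below is an added example, not Argo CD's code or its fix. It shows the pattern a practitioner would want at the boundary where errors leave a repository-access layer: scrub URL userinfo from the error text and wrap the error so that nothing downstream can print the raw form. The patterns, the wrapper type and the sample git stderr line are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// Two patterns cover the userinfo forms seen in git-over-HTTPS URLs:
//   https://user:password@host/...  -> password replaced
//   https://token@host/...          -> bare token replaced
// The password class is greedy up to the last "@" before a slash or space, so
// a password that itself contains "@" is still removed in full.
var (
	userPassRE = regexp.MustCompile(`(https?://[^/\s:@]+:)[^\s/]+@`)
	bareUserRE = regexp.MustCompile(`(https?://)[^/\s@:]+@`)
)

// redactCredentials scrubs URL-embedded credentials from free text, such as a
// git stderr line, before it is returned to a user or written to a log.
func redactCredentials(s string) string {
	s = userPassRE.ReplaceAllString(s, "${1}***@")
	return bareUserRE.ReplaceAllString(s, "${1}***@")
}

// redactedError wraps an error so that Error() never exposes the raw text,
// while Unwrap keeps errors.Is / errors.As working for callers.
type redactedError struct{ inner error }

func (e redactedError) Error() string { return redactCredentials(e.inner.Error()) }
func (e redactedError) Unwrap() error { return e.inner }

// wrapRepoError is the single sanitization step every error passes through on
// its way out of the repository-access layer.
func wrapRepoError(err error) error {
	if err == nil {
		return nil
	}
	return redactedError{inner: err}
}

func main() {
	// Constructed sample: the kind of message git prints when a fetch fails
	// against a URL that carries a username and token.
	raw := errors.New("fatal: could not read from 'https://deploy:s3cr3t-t0k3n@git.example.com/org/app.git'")
	fmt.Println("raw:      ", raw)
	fmt.Println("sanitized:", wrapRepoError(raw))
}
```

Redacting at the wrapper rather than at each log call matters because the leak in the entry above came from an error path, not a deliberate log statement; a wrapper closes every path at once, including ones added later.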
Github Security Blog · added 2023/02/07 10:57 p.m.

go.uuid has Predictable UUID Identifiers

CVE Description for go.uuid: A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker. Updat...

CVSS 9.8 · AI score 9.4 · EPSS 0.02307 · Exploits 0 · References 10 · Affected Software 1
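The go.uuid entry above attributes predictable UUIDs to the `g.rand.Read` call. The block below is an added example, not go.uuid's code or its fix: it demonstrates one concrete way a single unchecked `Read` leaves a version-4 UUID predictable, namely a short read that fills only the first few bytes and leaves the rest zero, and contrasts it with `io.ReadFull`, which refuses to return until all sixteen bytes are present. The `shortReader` test double and the fixed 0xab byte source are constructed so the effect is visible; a real generator reads from `crypto/rand`.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"fmt"
	"io"
)

// shortReader is a constructed test double. It returns at most chunk bytes per
// Read call, which the io.Reader contract explicitly permits.
type shortReader struct {
	src   io.Reader
	chunk int
}

func (s shortReader) Read(p []byte) (int, error) {
	if len(p) > s.chunk {
		p = p[:s.chunk]
	}
	return s.src.Read(p)
}

// setVersionVariant stamps the RFC 4122 version-4 and variant bits.
func setVersionVariant(u *[16]byte) {
	u[6] = (u[6] & 0x0f) | 0x40
	u[8] = (u[8] & 0x3f) | 0x80
}

// newV4Unsafe reproduces the flawed pattern: one Read call whose byte count is
// never checked. A short read leaves the rest of the array zero, so only the
// first few bytes carry entropy and the rest of the UUID is fixed.
func newV4Unsafe(r io.Reader) ([16]byte, error) {
	var u [16]byte
	if _, err := r.Read(u[:]); err != nil {
		return u, err
	}
	setVersionVariant(&u)
	return u, nil
}

// newV4Safe uses io.ReadFull, which keeps reading until all 16 bytes are
// filled or reports an error, so a short or exhausted source is never silent.
func newV4Safe(r io.Reader) ([16]byte, error) {
	var u [16]byte
	if _, err := io.ReadFull(r, u[:]); err != nil {
		return u, err
	}
	setVersionVariant(&u)
	return u, nil
}

// formatUUID renders the canonical 8-4-4-4-12 form.
func formatUUID(u [16]byte) string {
	return fmt.Sprintf("%x-%x-%x-%x-%x", u[0:4], u[4:6], u[6:8], u[8:10], u[10:16])
}

// trailingZeroBytes counts zero bytes at the end of the UUID, the tell-tale of
// an unchecked short read (the variant byte at index 8 stops the count).
func trailingZeroBytes(u [16]byte) int {
	n := 0
	for i := len(u) - 1; i >= 0 && u[i] == 0; i-- {
		n++
	}
	return n
}

func main() {
	// Deterministic constructed source: sixteen 0xab bytes, handed out 4 at a time.
	src := func() io.Reader { return bytes.NewReader(bytes.Repeat([]byte{0xab}, 16)) }
	bad, _ := newV4Unsafe(shortReader{src: src(), chunk: 4})
	good, _ := newV4Safe(shortReader{src: src(), chunk: 4})
	fmt.Println("unchecked Read:", formatUUID(bad), "trailing zero bytes:", trailingZeroBytes(bad))
	fmt.Println("io.ReadFull:   ", formatUUID(good), "trailing zero bytes:", trailingZeroBytes(good))
	live, err := newV4Safe(shortReader{src: rand.Reader, chunk: 4})
	fmt.Println("crypto/rand:   ", formatUUID(live), err)
}
```

The check to carry away is that `Read` returning `(n, nil)` with `n < len(p)` is legal and silent; any code that fills a key, nonce or identifier from an `io.Reader` must either use `io.ReadFull` or compare `n` against the buffer length.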
Positive Technologies · added 2023/02/06 12:0 a.m.

PT-2023-16449 · Sourcecodester · Sourcecodester Canteen Management System

Affected software and versions: SourceCodester Canteen Management System version 1.0
Description: A critical issue affects some unknown functionality of the file removeUser.php. The manipulation of the id argument leads to SQL injection. The attack can be launched remotely,...

CVSS 8.1 · AI score 8.1 · EPSS 0.00717 · Exploits 0 · References 7
The Hacker News · added 2023/02/04 4:41 a.m.

Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT

A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild. Details of the flaw were first publicly shared by security reporter Brian Krebs on Mastodon. No public advisory has been published by Fortra. The vulnerability is ...

AI score 7.7 · Exploits 0