5182 matches found

CVE
added 2023/07/11 2:56 a.m. · 136 views

CVE-2023-36922

The CVE-2023-36922 entry concerns SAP ECC/SAP S/4HANA IS-OIL with a programming error in the function module and report that permits an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter of a common extension. Exploitation can allow reading/modify...

CVSS 9.1 · AI score 8.7 · EPSS 0.00217
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/07/11 2:56 a.m. · 19 views

CVE-2023-36922 OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)

Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...

CVSS 9.1 · AI score 9.2 · EPSS 0.00217
Exploits 0 · References 2
RedHat Linux
added 2023/07/10 9:2 a.m. · 26 views

Important: Red Hat Security Advisory: python39:3.9 and python39-devel:3.9 security update

An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat...

CVSS 7.5 · AI score 7 · EPSS 0.01445
Exploits 3 · References 2
CNNVD
added 2023/07/10 12:0 a.m. · 1 views

WordPress plugin MStore API security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 9.8 · AI score 8.4 · EPSS 0.30393
Exploits 2 · References 2
CNNVD
added 2023/07/10 12:0 a.m. · 4 views

OSNEXUS QuantaStor operating system command injection vulnerability

OSNEXUS QuantaStor is a unified software-defined storage platform from OSNEXUS Corporation. An operating system command injection vulnerability exists in OSNEXUS QuantaStor versions prior to 6.0.0.355. An attacker could exploit this vulnerability to remotely execute arbitrary shell commands via t...

CVSS 9.1 · AI score 7.5 · EPSS 0.00081
Exploits 0 · References 7
Positive Technologies
added 2023/07/03 12:0 a.m. · 3 views

PT-2023-36216 · Google +1 · Go +1

Name of the Vulnerable Software and Affected Versions: amazon-ecs-init affected versions not specified Description: The issue is related to a security release in the Go programming language, version 1.20. The update of amazon-ecs-init is intended to address this issue by rebuilding the package wi...

AI score 6.9
Exploits 0 · References 3
Openbugbounty
added 2023/07/01 4:10 a.m. · 7 views

programming-techniques.com Cross Site Scripting vulnerability OBB-3477394

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits 0
OSV
added 2023/06/30 7:15 a.m. · 3 views

CVE-2023-28387

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service...

CVSS 5.5 · AI score 5.8 · EPSS 0.00036
Exploits 0 · References 3
Positive Technologies
added 2023/06/30 12:0 a.m. · 2 views

PT-2023-36212 · Hashicorp · Terraform-Provider-Helm

Name of the Vulnerable Software and Affected Versions: terraform-provider-helm affected versions not specified Description: The issue is related to a security release in the Go programming language, version 1.20. The terraform-provider-helm package has been rebuilt to incorporate this security...

AI score 6.9
Exploits 0 · References 3
Positive Technologies
added 2023/06/30 12:0 a.m. · 2 views

PT-2023-36207 · Rekor · Rekor

Name of the Vulnerable Software and Affected Versions: rekor affected versions not specified Description: The issue is related to a security release in the Go programming language, specifically version 1.20. The problem is addressed by rebuilding the rekor package with this security release...

AI score 6.9
Exploits 0 · References 3
Positive Technologies
added 2023/06/30 12:0 a.m. · 2 views

PT-2023-36211 · Hashicorp · Terraform-Provider-Aws

Name of the Vulnerable Software and Affected Versions: terraform-provider-aws affected versions not specified Description: The issue is related to a security release in the Go programming language, version 1.20. The terraform-provider-aws package has been rebuilt to incorporate this security...

AI score 6.9
Exploits 0 · References 3
OSV
added 2023/06/29 9:15 p.m. · 2 views

CVE-2023-36607

The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents...

CVSS 5.3 · AI score 5.8 · EPSS 0.00115
Exploits 0 · References 1
RedHat Linux
added 2023/06/29 12:12 p.m. · 25 views

Important: Red Hat Security Advisory: python27:2.7 security update

An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

CVSS 7.5 · AI score 7 · EPSS 0.01445
Exploits 3 · References 2
WPVulnDB
added 2023/06/29 12:0 a.m. · 17 views

User Registration < 3.0.2 - Subscriber+ PHP Object Injection

The plugin does not properly sanitize the 'profile-pic-url' parameter, leading to a potential PHP Object Injection. This vulnerability stems from the deserialization of untrusted input, potentially enabling a malicious user with subscriber-level permissions to inject a PHP Object. The issue may...

CVSS 8.8 · AI score 6.9 · EPSS 0.00555
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/06/29 12:0 a.m. · 2 views

PT-2023-36206 · Buildah +1 · Buildah +1

Name of the Vulnerable Software and Affected Versions: buildah affected versions not specified Description: The issue is related to a security release in the Go programming language, version 1.20. The buildah package has been rebuilt with this security release to address the issue. There is no...

AI score 7
Exploits 0 · References 3
Positive Technologies
added 2023/06/29 12:0 a.m. · 2 views

PT-2023-4817 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.6 XWiki Platform versions prior to 15.1 Description: The issue allows an attacker to inject XWiki syntax and Velocity code, which is executed with programming rights, thus enabling remote code execution...

CVSS 10 · AI score 8.8 · EPSS 0.1261
Exploits 1 · References 12
CNNVD
added 2023/06/27 12:0 a.m. · 1 views

IBM Cloud Pak for Security information disclosure vulnerability

IBM Cloud Pak for Security is an application from International Business Machines IBM, Inc. an open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated action faster. A security vulnerability exists in IBM Cloud Pak for...

CVSS 7.5 · AI score 7.3 · EPSS 0.00082
Exploits 0 · References 3
OSV
added 2023/06/23 2:5 p.m. · 3 views

SUSE-SU-2023:2297-2 Security update for golang-github-vpenso-prometheus_slurm_exporter

This update of golang-github-vpenso-prometheus_slurm_exporter fixes the following issues: - rebuild the package with the go 1.19 security release bsc1200441 bsc1209658...

AI score 7.2
Exploits 0 · References 3
OSV
added 2023/06/23 12:0 a.m. · 45 views

DLA-3469-1 lua5.3 - security update

Bulletin has no description...

CVSS 7.5 · AI score 6.6 · EPSS 0.02019
Exploits 6
RedHat Linux
added 2023/06/22 2:50 p.m. · 37 views

Important: Red Hat Security Advisory: python38:3.8 and python38-devel:3.8 security update

An update for the python38:3.8 and python38-devel:3.8 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 7.5 · AI score 7 · EPSS 0.01445
Exploits 3 · References 2