CVE-2021-45785
TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the vict...
CVE-2021-45785
Summary of CVE-2021-45785 (TruDesk) : TruDesk Help Desk/Ticketing Solution v1.1.11 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to restart the server, causing a DoS. The attacker must lure a privileged user to visit a page containing a GET request to th...
Driver Disk for Microsemi smartpqi 2.1.28_025 - For Citrix Hypervisor 8.2 Cumulative Update 1 LTSR
Who should install this driver disk? Customers running the Citrix Hypervisor 8.2 Cumulative Update 1 LTSR release who use Microsemi's smartpqi driver and wish to use the latest version of the following:

| Driver Module | Driver Type | Version |
|---|---|---|
| smartpqi | SAS/Storage Controller | 2.1.28025... |
argo-cd: Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss
A bypass of brute force protection flaw was found in Argo CD. Since login attempts are stored only in memory, every time the server restarts, that number is lost and unlimited login attempts can be made. It is possible to bypass brute force protections by chaining this issue with a denial of...
GHSA-JQ57-3W7P-VWVV Docassemble unauthorized access through URL manipulation
Impact The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. Patches The vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched...
Driver Disk for Cisco enic 4.5.0.7-939.23 - For Citrix Hypervisor 8.2 LTSR
Who should install this driver disk? Customers running the Citrix Hypervisor 8.2 Cumulative Update 1 LTSR release who use Cisco's enic driver and wish to use the latest version of the following:

| Driver Module | Driver Type | Version |
|---|---|---|
| enic | Ethernet/NIC | 4.5.0.7-939.23 |

Issues resolved in...
Siemens SINEC INS Denial of Service Vulnerability (CNVD-2023-97253)
SINEC INS Infrastructure Network Services is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. A denial of service vulnerability exists in Siemens SINEC INS, whic...
CVE-2023-48430
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically...
CVE-2023-48429
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automaticall...
PT-2023-30849 · Siemens · Sinec Ins
Name of the Vulnerable Software and Affected Versions: SINEC INS versions prior to V1.0 SP2 Update 2 Description: A vulnerability has been identified in the REST API of affected devices, where it does not check the length of parameters in certain conditions. This allows a malicious admin to crash...
[slackware-security] bind
New bind packages are available for Slackware 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/bind-9.16.44-i586-1slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Limit the amount of recursion that can be...
Security Bulletin: IBM Jazz for Service Management is vulnerable to commons-fileupload-1.4.jar (Publicly disclosed vulnerability found by Mend) (CVE-2023-24998)
Summary IBM Jazz for Service Management is vulnerable to commons-fileupload-1.4.jar (Publicly disclosed vulnerability found by Mend). The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web application...
CVE-2023-37200
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause loss of confidentiality when replacing a project file on the local filesystem and after manual restart of the server...
CVE-2023-37200
CVE-2023-37200 describes an XXE (CWE-611) vulnerability in Schneider Electric EcoStruxure OPC UA Server Expert (SV2.01 SP2 and earlier) that can lead to confidentiality loss when replacing a project file on the local filesystem and after a manual server restart. Publicly available connected docum...