137 matches found
CVE-2024-3137
Improper Privilege Management in uvdesk/community-skeleton...
SUSE CVE-2024-50204
In the Linux kernel, the following vulnerability has been resolved: fs: don't try and remove empty rbtree node When copying a namespace we won't have added the new copy into the namespace rbtree until after the copy succeeded. Calling freemntns will try to remove the copy from the rbtree which is...
UBUNTU-CVE-2024-50204
In the Linux kernel, the following vulnerability has been resolved: fs: don't try and remove empty rbtree node When copying a namespace we won't have added the new copy into the namespace rbtree until after the copy succeeded. Calling freemntns will try to remove the copy from the rbtree which is...
Malicious code in pdm-skeleton (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8ba9c7f0e8687739c6047f24241f9e715c735f096f38643dc9c818c09d6cab2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8794 Malicious code in pdm-skeleton (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8ba9c7f0e8687739c6047f24241f9e715c735f096f38643dc9c818c09d6cab2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks
Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 CVSS score: 8.1, relates to a case of prompt injection...
CVE-2024-3137
Improper Privilege Management in uvdesk/community-skeleton...
CVE-2024-3137
CVE-2024-3137 affects uvdesk/community-skeleton. The issue is described as improper privilege management arising from inadequate access controls. According to the entry, the vulnerability has a CVSSv3 base score of 7.1 (HIGH): network attack vector, low attack complexity, privileges required: LOW...
CVE-2024-3137 Improper Privilege Management in uvdesk/community-skeleton
Improper Privilege Management in uvdesk/community-skeleton...
community-skeleton 安全漏洞
community-skeleton is a service-oriented, event-driven, extensible open source helpdesk system. A security vulnerability exists in uvdesk community-skeleton that stems from improper privilege management...
PT-2024-24015 · Unknown · Uvdesk Community Skeleton
Name of the Vulnerable Software and Affected Versions: uvdesk/community-skeleton affected versions not specified Description: The issue concerns improper privilege management. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
CVE-2023-37636
A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...
CVE-2023-37635
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application...
CVE-2023-37635
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application...
CVE-2023-37636
A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...
Cross site scripting
A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...
Code injection
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application...
PT-2023-26052 · Unknown · Uvdesk Community Skeleton
Name of the Vulnerable Software and Affected Versions: UVDesk Community Skeleton version 1.1.1 Description: The issue allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application. This can be done through the login page, allowing attackers to...
CVE-2023-37636
CVE-2023-37636 concerns UVDesk Community Skeleton v1.1.1, with a stored XSS vulnerability in the Message field used when creating a ticket. The issue allows attackers to inject arbitrary web scripts/HTML, potentially affecting users who view crafted tickets. The primary technical detail across so...
CVE-2023-37635
CVE-2023-37635 affects UVDesk Community Skeleton v1.1.1, described as an unauthenticated brute-force login vulnerability that could allow access to the application. Concrete detail: login-page brute-force on UVDesk Community Skeleton 1.1.1. Root cause and exact exploit path are not detailed in th...