1273 matches found

Positive Technologies
added 2023/11/02 12:00 a.m. · 14 views

PT-2023-29521 · Unknown · Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0
Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities in the Online Food Ordering System. Specifically, the deleted parameter of the routers/user-router.php resource doe...

CVSS 9.8 · AI score 9.8 · EPSS 0.007
Exploits 1 · References 7
Positive Technologies
added 2023/10/24 12:00 a.m. · 2 views

PT-2023-29831 · Lenovo · Thinksystem

Name of the Vulnerable Software and Affected Versions: ThinkSystem versions v2 and v3
Description: An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.
Recommendations: For ThinkSystem versions v2 and v3, consider...

CVSS 7.2 · AI score 7.2 · EPSS 0.00336
Exploits 0 · References 4
Positive Technologies
added 2023/10/16 12:00 a.m. · 8 views

PT-2023-28910 · Apache · Apache Inlong

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.4.0 through 1.8.0
Description: The issue is related to Insufficient Verification of Data Authenticity in Apache InLong, allowing a general user to view all user data, including data from Admin accounts.
Recommendation...

CVSS 6.5 · AI score 6.2 · EPSS 0.00432
Exploits 0 · References 5
Positive Technologies
added 2023/10/13 12:00 a.m. · 2 views

PT-2023-29077 · Zpe Systems · Nodegrid Os

Name of the Vulnerable Software and Affected Versions: ZPE Systems, Inc Nodegrid OS versions 5.8.10 through 5.8.13; ZPE Systems, Inc Nodegrid OS versions 5.10.3 through 5.10.5
Description: An issue in the TACACS+ server component allows a remote attacker to obtain sensitive information...

CVSS 7.5 · AI score 7.3 · EPSS 0.0036
Exploits 0 · References 5
OSV
added 2023/10/11 12:08 p.m. · 10 views

SUSE-SU-2023:4050-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues:
- CVE-2023-5341: Fixed a heap use-after-free in coders/bmp.c. bsc1215939...

CVSS 6.2 · AI score 6.5 · EPSS 0.00437
Exploits 0 · References 3
Positive Technologies
added 2023/10/10 12:00 a.m. · 3 views

PT-2023-6080 · Siemens · Simatic Cp 1628 +4

Name of the Vulnerable Software and Affected Versions: SIMATIC CP 1604 versions all; SIMATIC CP 1616 versions all; SIMATIC CP 1623 versions all; SIMATIC CP 1626 versions all; SIMATIC CP 1628 versions all
Description: The issue is related to insufficient control of access to memory DMA, which could...

CVSS 4.9 · AI score 4.5 · EPSS 0.00163
Exploits 0 · References 4
OSV
added 2023/10/04 10:31 a.m. · 4 views

SUSE-SU-2023:3968-1 Security update for libraw

This update for libraw fixes the following issues:
- CVE-2020-22628: Fixed buffer overflow vulnerability in LibRaw::stretch function in libraw\src\postprocessing\aspectratio.cpp. bsc1215308...

CVSS 6.5 · AI score 6.6 · EPSS 0.00681
Exploits 1 · References 3
Positive Technologies
added 2023/10/03 12:00 a.m. · 3 views

PT-2023-29325 · Emlog Pro · Emlog Pro

Name of the Vulnerable Software and Affected Versions: Emlog Pro version 2.2.0
Description: An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro allows attackers to execute arbitrary code via uploading a crafted PHP file.
Recommendations: For Emlog Pro version...

CVSS 9.8 · AI score 9.7 · EPSS 0.01034
Exploits 1 · References 5
Positive Technologies
added 2023/09/27 12:00 a.m. · 3 views

PT-2023-5691

Name of the Vulnerable Software and Affected Versions: Cisco IOS and IOS XE Software, affected versions not specified
Description: A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacke...

CVSS 7.1 · AI score 7.5 · EPSS 0.02344
Exploits 0 · References 64
Positive Technologies
added 2023/09/26 12:00 a.m. · 3 views

PT-2023-27335 · Unknown · Welcart E-Commerce

Name of the Vulnerable Software and Affected Versions: Welcart e-Commerce versions 2.7 to 2.8.21
Description: The issue allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory.
Recommendations: For Welcart e-Commerce versions 2.7 to 2.8.21, consider...

CVSS 7.2 · AI score 7.3 · EPSS 0.00949
Exploits 0 · References 6
OSV
added 2023/09/18 10:54 a.m. · 5 views

SUSE-SU-2023:3635-1 Security update for flac

This update for flac fixes the following issues:
- CVE-2020-22219: Fixed a buffer overflow in function bitwritergrow which might allow a remote attacker to run arbitrary code via crafted input to the encoder. bsc1214615...

CVSS 7.8 · AI score 7.9 · EPSS 0.00749
Exploits 1 · References 3
Positive Technologies
added 2023/09/14 12:00 a.m. · 3 views

PT-2023-27743 · China Mobile · China Mobile Intelligent Home Gateway

Name of the Vulnerable Software and Affected Versions: China Mobile Intelligent Home Gateway version v.HG6543C4
Description: The issue allows a remote attacker to execute arbitrary code via the shortcut telnet.cg component. This enables the attacker to potentially gain control over the affected...

CVSS 9.8 · AI score 9.8 · EPSS 0.02043
Exploits 1 · References 3
Positive Technologies
added 2023/09/12 12:00 a.m. · 2 views

PT-2023-5188 · Unknown · Qms Automotive

Name of the Vulnerable Software and Affected Versions: QMS Automotive versions prior to V12.39
Description: A vulnerability has been identified in the affected application, allowing users to upload arbitrary file types. This could allow an attacker to upload malicious files, potentially leading t...

CVSS 8.8 · AI score 8.9 · EPSS 0.00461
Exploits 0 · References 5
Positive Technologies
added 2023/09/11 12:00 a.m. · 3 views

PT-2023-27996 · Couchcms · Couchcms

Name of the Vulnerable Software and Affected Versions: CouchCMS version 2.3
Description: An open redirect issue exists in the sanitize url parameter, allowing attackers to redirect users to arbitrary websites via crafted URLs.
Recommendations: For CouchCMS version 2.3, consider disabling the...

CVSS 6.1 · AI score 6.2 · EPSS 0.00358
Exploits 1 · References 6
Positive Technologies
added 2023/08/28 12:00 a.m. · 6 views

PT-2023-27080 · Unknown · Free/Open Source Inventory Management System

Name of the Vulnerable Software and Affected Versions: Free and Open Source Inventory Management System version 1.0
Description: The issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Name, Address, and Company parameters under the Add Member...

CVSS 6.1 · AI score 6.6 · EPSS 0.00541
Exploits 1 · References 8
OSV
added 2023/08/24 11:15 p.m. · 10 views

PYSEC-2023-269

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and...

CVSS 7.5 · AI score 7.4 · EPSS 0.00638
Exploits 1 · References 2
OSV
added 2023/08/17 6:13 p.m. · 4 views

CLSA-2023-1692295986 Fix CVE(s): CVE-2023-30577, CVE-2022-37705

SECURITY UPDATE: privilege escalation through runtar SUID program
- debian/patches/CVE-2022-37705.patch: filter tar options
- CVE-2022-37705
SECURITY UPDATE: privilege escalation through runtar SUID program
- debian/patches/CVE-2023-30577.patch: introduce tar option allow list
- CVE-2023-30577...

CVSS 7.8 · AI score 6.9 · EPSS 0.01246
Exploits 3 · References 1
OSV
added 2023/08/17 12:42 p.m. · 6 views

SUSE-SU-2023:3348-1 Security update for postgresql15

This update for postgresql15 fixes the following issues:
- Update to 14.9
- CVE-2023-39417: Fixed potential SQL injection for trusted extensions. bsc1214059...

CVSS 8.8 · AI score 9.3 · EPSS 0.01572
Exploits 0 · References 3
Github Security Blog
added 2023/08/11 7:00 p.m. · 17 views

OpenZeppelin Contracts vulnerable to Improper Escaping of Output

Impact: OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see _msgSender() return address(0) in calls that originate from the forwarder with calldata...

CVSS 5.3 · AI score 6.8 · EPSS 0.00611
Exploits 0 · References 9 · Affected Software 2
Positive Technologies
added 2023/07/31 12:00 a.m. · 4 views

PT-2023-25028 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS versions through 5.7.109
Description: The issue allows remote attackers to run arbitrary code via a crafted POST request to the "/dede/tpl.php" API endpoint. This enables attackers to execute arbitrary code on the affected system...

CVSS 9.8 · AI score 9.6 · EPSS 0.00993
Exploits 0 · References 6