Oracle Linux 8 : nodejs:16 (ELSA-2024-1444)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1444 advisory. - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019 nodejs-nodemon nodejs-packaging Tenable h...

CVE-2023-48730

A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...

WWBN AVideo userRecoverPass.php recoverPass generation insufficient entropy vulnerability

Talos Vulnerability Report TALOS-2023-1896 WWBN AVideo userRecoverPass.php recoverPass generation insufficient entropy vulnerability January 10, 2024 CVE Number CVE-2023-49589 SUMMARY An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of...

CVE-2023-1997 OS Command Injection vulnerability affecting SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x

An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution...

IBM Security Verify Access Input Validation Error Vulnerability (CNVD-2023-41894)

IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. IBM Security Verify Access suffers from an input validation error vulnerability that stems from improper input validation of the application, which can be exploited by an...

Server side request forgery (ssrf)

The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...

Micrium uC-HTTP HTTP Server unchecked return value denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Micrium uC-HTTP 3.01.00 Product URLs...

Debian: Security Advisory (DLA-2196-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-7539

On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request such as GET /../../../../../../../../../../../../etc/passwd to the web server fuzzd/0.1.1 running the Maintenance Center on port TCP/8088. This can lead to full...

Cart Engine 3.0 XSS / Open Redirect / SQL Injection

=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...