PT-2023-32228

Name of the Vulnerable Software and Affected Versions ArslanSoft Education Portal versions prior to 1.1 Description The issue allows for the unrestricted upload of files with dangerous types, enabling the reading of sensitive strings within an executable. Recommendations For versions prior to 1.1...

Mattermost Denial of Service Vulnerability (CNVD-2023-9448306)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial of service vulnerability that stems from an inability to properly limit the characters allowed in different fields of a block in Mattermost Boards, which can be exploit...

CVE-2023-4397

A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50W series firmware version 5.37, and USG20W-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause...

CVE-2023-4397

A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50W series firmware version 5.37, and USG20W-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause...

Mattermost 资源管理错误漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial of service vulnerability that stems from an inability to properly limit the characters allowed in different fields of a block in Mattermost Boards, which can be exploit...

PT-2023-28094 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 773 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting XSS. This allows users with low privileges to introduce Javascript...

CLSA-2023-1700593371 Fix CVE(s): CVE-2023-22045, CVE-2023-22049

Backport upstream releases 8u382 to 16.04 LTS CVEs fixed in 8u382: - CVE-2023-22045: OpenJDK incorrectly handled array accesses. - CVE-2023-22049: OpenJDK incorrectly sanitized URIs strings...

The vulnerability of the STST TA component in Samsung Teegris’ Android operating system allows a hacker to execute arbitrary code.

The vulnerability of the STST TA component in Samsung Teegris’ Android operating system security system is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVE-2023-47128

Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name...

PYSEC-2023-241

Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name...

CVE-2023-47128 piccolo SQL Injection via named transaction savepoints

Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name...

PT-2023-30331 · Piccolo · Piccolo

Name of the Vulnerable Software and Affected Versions: Piccolo versions prior to 1.1.1 Description: The handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. This could allow a malicious user to have direct access to the database an...

mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING

A flaw was found in the MariaDB Server. It contains a use-after-free in the component, mywildcmp8bitimpl at /strings/ctype-simple.c, affecting availability...

F5 Networks BIG-IP : Linux kernel vulnerability (K15412203)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K15412203 advisory. The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through...

The vulnerability of the software for managing access to the Omniverse platform, specifically NVIDIA Omniverse Workstation Launcher, relates to the ability to disclose information through query strings, allowing an intruder to gain unauthorized access to protected information.

The vulnerability of the NVIDIA Omniverse Workstation Launcher software relates to the disclosure of information through query strings. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

CVE-2022-3429

A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly...

Denial of service

A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly...

Exploit for Classic Buffer Overflow in Draytek Vigor3910_Firmware

CVE-2022-32548-RCE-POC DrayTek unauthenticated remote code exe...

PT-2023-13356 · Lenovo · Lenovo Printers

Name of the Vulnerable Software and Affected Versions: Lenovo printers affected versions not specified Description: A denial-of-service issue was found in the firmware used in Lenovo printers. It occurs when users send illegal or malformed strings to an open port, triggering a denial of service...

CVE-2023-3042

In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes // from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edittextinc.jsp , which should return a 404 response b...