PT-2023-22684 · Dotcms · Dotcms

Name of the Vulnerable Software and Affected Versions: dotCMS versions prior to 23.06 dotCMS versions prior to LTS 22.03.7 dotCMS versions prior to LTS 23.01.4 Description: A flaw in the NormalizationFilter of dotCMS does not strip double slashes // from URLs, potentially enabling bypasses for XS...

CVE-2023-39332

Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings see CVE-2023-30584 and Buffer objects see CVE-2023-32004, but not through non-Buffer...

The vulnerability of the FortiOS operating system, related to the exposure of information through query strings, allows attackers to view open text passwords of deleted services such as RDP or VNC.

The vulnerability of the FortiOS operating system’s request method is related to the disclosure of information through the request strings. Exploiting this vulnerability allows a malicious actor to remotely access open text passwords of deleted services, such as RDP or VNC...

Fortinet Fortigate Plain-text credentials in GET request via SSL VPN web portal (FG-IR-23-120)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-120 advisory. - A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 an...

Cross site request forgery (csrf)

A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services...

CVE-2023-43697

Modification of Assumed-Immutable Data MAID in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...

Privilage Escalation

gitlab is vulnerable to Privilage Escalation. The vulnerability allows an attacker to take over GitLab Pages with unique domain URLs if they know the added random string...

CVE-2023-21266

creationtimestamp| type| source ---|---|--- 2023-10-06 22:13:39+00:00| seen| https://t.me/cibsecurity/71752 2023-12-28 01:19:53+00:00| seen| https://t.me/arpsyndicate/2172 2024-01-19 19:27:03+00:00| seen| https://t.me/arpsyndicate/2953 2025-05-05 15:20:17+00:00| published-proof-of-concept|...

Important: ansible

Issue Overview: A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special templa...

systeminformation SSID Command Injection Vulnerability

Impact SSID Command Injection Vulnerability Patches Problem was fixed with a parameter check. Please upgrade to version = 5.21.7, Version 4 was not affected Workarounds If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to wifiConnections, wifiNetworks string on...

CVE-2023-42447 blurhash panics on parsing crafted inputs

blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on...

CVE-2023-41349

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity...

CVE-2023-41349

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity...

Fedora: Security Advisory for rubygem-activesupport (FEDORA-2023-4f0bb4ff5e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 39 Update: rubygem-activesupport-7.0.7.2-1.fc39

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing...

The vulnerability of the iperf function in the application software interface for ASUS RT-AX55, RT-AX56U, and RT-AC86U routers allows a hacker to execute arbitrary code.

The vulnerability of the iperf function in the application programming interface for ASUS RT-AX55, RT-AX56UV2, and RT-AC86U routers is related to the use of uncontrolled format strings. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially created data...

The vulnerability of the application software interface of ASUS RT-AX55, RT-AX56U, and RT-AC86U allows a hacker to execute arbitrary code.

The vulnerability of the application software interface of ASUS RT-AX55, RT-AX56UV2, and RT-AC86U lies in the use of uncontrolled format strings. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially created data...

CVE-2021-36159

libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the...

Security Bulletin: IBM Robotic Process Automation is vulnerable to sensitive information disclosure in installation logs (CVE-2023-38733)

Summary IBM Robotic Process Automation server could allow an authenticated user to view sensitive information from installation logs. Authenticated users are able to view database connection strings in the IBM Robotic Process Automation installation logs. Vulnerability Details CVEID:CVE-2023-3873...

PT-2023-7251 · Zyxel · Zyxel Usg Flex Series +3

Name of the Vulnerable Software and Affected Versions: Zyxel ATP series version 5.37 Zyxel USG FLEX series version 5.37 Zyxel USG FLEX 50W series version 5.37 Zyxel USG20W-VPN series version 5.37 Description: A buffer overflow issue in the firmware could allow an authenticated local attacker with...