
3357 matches found

NVD
added 2023/07/07 12:15 a.m. | 12 views

CVE-2023-32652

PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks...

8 CVSS | 7.6 AI score | 0.00383 EPSS
Exploits 0 | References 1

Cvelist
added 2023/07/06 11:3 p.m. | 13 views

CVE-2023-32652 PiiGAB M-Bus Cross-site Scripting

PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks...

8 CVSS | 7.7 AI score | 0.00383 EPSS
Exploits 0 | References 1

CVE
added 2023/07/06 11:3 p.m. | 32 views

CVE-2023-32652

PiiGAB M-Bus is affected by CVE-2023-32652 due to not validating identification strings before processing, which can enable cross-site scripting (XSS). The vulnerability affects the M-Bus SoftwarePack 900S family and is documented across multiple feeds (NVD, CVE List, PRION, CNNVD, CISA ICS). The...

8 CVSS | 6.7 AI score | 0.00383 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2023/07/06 2:53 p.m. | 20 views

CVE-2023-25096

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS | 7.7 AI score | 0.01318 EPSS
Exploits 1 | References 1

CNNVD
added 2023/07/06 12:0 a.m. | 2 views

PiiGAB M-Bus Cross-Site Scripting Vulnerability

PiiGAB M-Bus is a communication protocol used between meters and centralized data acquisition systems or prepaid units from PiiGAB. A cross-site scripting vulnerability exists in PiiGAB M-Bus version 900S, which stems from the fact that it will not validate identification strings and may be...

8 CVSS | 5.8 AI score | 0.00383 EPSS
Exploits 0 | References 4

OSV
added 2023/06/29 1:15 p.m. | 30 views

CVE-2023-36617

A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396parser.rb and rfc3986parser.rb. NOTE: this issue exists because of a...

5.3 CVSS | 7.3 AI score | 0.01533 EPSS
Exploits 0 | References 6

Prion
added 2023/06/29 1:15 p.m. | 31 views

Design/Logic Flaw

A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396parser.rb and rfc3986parser.rb. NOTE: this issue exists because of a...

5 CVSS | 5.6 AI score | 0.02637 EPSS
Exploits 0 | References 2 | Affected Software 1

RedHat Linux
added 2023/06/27 3:16 p.m. | 4 views

ruby: ReDoS vulnerability in Time

A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a regular expression denial of service (ReDoS)...

5.3 CVSS | 7.3 AI score | 0.02452 EPSS
Exploits 0 | References 5

Veracode
added 2023/06/27 4:5 a.m. | 19 views

Denial Of Service (DoS)

github.com/mattermost/mattermost-server is vulnerable to Denial Of Service (DoS). The vulnerability exists because the Unescape function of inlines.go does not efficiently process Markdown strings, allowing an attacker to cause an application crash by sending a direct message containing a large...

6.5 CVSS | 6.7 AI score | 0.00678 EPSS
Exploits 0 | References 5 | Affected Software 1

Packet Storm
added 2023/06/27 12:0 a.m. | 266 views

MCL-Net 4.3.5.8788 Information Disclosure

Exploit Title: MCL-Net 4.3.5.8788 - Information Disclosure; Date: 5/31/2023; Exploit Author: Victor A. Morales, GM Sectec Inc.; Vendor Homepage: https://www.mcl-mobilityplatform.com/net.php; Version: 4.3.5.8788 (other versions may be affected); Tested on: Microsoft Windows 10 Pro; CVE: CVE-2023-34834...

7.1 AI score | 0.01964 EPSS
Exploits 4

Tenable Nessus
added 2023/06/21 12:0 a.m. | 40 views

Ubuntu 23.04 : Ruby vulnerabilities (USN-6181-1)

The remote Ubuntu 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6181-1 advisory. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications that generate HTTP responses using the cgi gem. An attacker coul...

8.8 CVSS | 7.9 AI score | 0.02637 EPSS
Exploits 1 | References 4

Vulnrichment
added 2023/06/16 9:6 a.m. | 15 views

CVE-2023-2831 Denial of Service while unescaping a Markdown string

Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters...

4.3 CVSS | 6.7 AI score | 0.00678 EPSS
Exploits 0 | References 1

RedHat Linux
added 2023/06/15 9:19 a.m. | 2 views

moment: inefficient parsing algorithm resulting in DoS

A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks...

7.5 CVSS | 6.8 AI score | 0.03949 EPSS
Exploits 1 | References 5

Fedora
added 2023/06/08 2:0 a.m. | 43 views

[SECURITY] Fedora 37 Update: pypy-7.3.11-2.fc37

PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types (strings, dictionaries, etc.). This build of PyPy has JIT-compilation enabled...

7.5 CVSS | 8.2 AI score | 0.20459 EPSS
Exploits 3

AlpineLinux
added 2023/06/06 12:0 a.m. | 45 views

CVE-2023-2603

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB...

7.8 CVSS | 8.1 AI score | 0.00574 EPSS
Exploits 1

RedHat Linux
added 2023/06/05 12:30 p.m. | 3 views

apr-util: out-of-bounds writes in the apr_base64

A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions...

6.5 CVSS | 6.8 AI score | 0.01417 EPSS
Exploits 0 | References 4

RedHat Linux
added 2023/06/05 11:46 a.m. | 3 views

apr-util: out-of-bounds writes in the apr_base64

A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions...

6.5 CVSS | 6.8 AI score | 0.01417 EPSS
Exploits 0 | References 4

Citrix
added 2023/06/01 12:0 a.m. | 16 views

Migrate Citrix Virtual Apps and Desktop databases to a new SQL server

Please follow these steps. 1. Close all instances of Citrix Studio. Any configuration changes, even through PowerShell, are to be stopped while following the steps. You can power down DDCs to be extra cautious. Take VM snapshot or take backup of all Delivery Controllers. 2. Take full backup of Site, Monito...

8 AI score
Exploits 0

RedHat Linux
added 2023/05/31 1:10 p.m. | 5 views

apr-util: out-of-bounds writes in the apr_base64

A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions...

6.5 CVSS | 6.8 AI score | 0.01417 EPSS
Exploits 0 | References 4

RedHat Linux
added 2023/05/31 8:46 a.m. | 4 views

apr-util: out-of-bounds writes in the apr_base64

A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions...

6.5 CVSS | 6.8 AI score | 0.01417 EPSS
Exploits 0 | References 4