3357 matches found

NVD
added 2023/05/29 9:15 p.m. · 18 views

CVE-2023-32687

tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connection strings without the associated permission. This issue is patched in version 5.12.1. As a workaround,...

7.7 CVSS · 7.3 AI score · 0.00634 EPSS
Exploits: 0 · References: 3
CNNVD
added 2023/05/29 12:00 a.m. · 2 views

tgstation-server security vulnerability

tgstation-server is a toolset for managing production BYOND servers. A security vulnerability exists in tgstation-server versions prior to 4.7.0 through 5.12.1, which stems from overstepping the authority to read chatbot connection strings...

7.7 CVSS · 6.5 AI score · 0.00634 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2023/05/29 12:00 a.m. · 4 views

PT-2023-23962 · Unknown · Tgstation-Server

Name of the Vulnerable Software and Affected Versions: tgstation-server versions 4.7.0 through 5.12.1 Description: The issue allows instance users with the list chat bots permission to read chat bot connection strings without the required permission. This affects a significant number of devices,...

7.7 CVSS · 6.2 AI score · 0.00634 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2023/05/24 8:59 a.m. · 3 views

ruby: ReDoS vulnerability in Time

A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service (ReDoS)...

5.3 CVSS · 7.3 AI score · 0.02452 EPSS
Exploits: 0 · References: 5
Tenable Nessus
added 2023/05/24 12:00 a.m. · 185 views

Apache Tomcat 8.5.85 < 8.5.88 DoS

The version of Tomcat installed on the remote host is prior to 8.5.88. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_8.5.88_security-8 advisory. The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to...

7.5 CVSS · 7.6 AI score · 0.51547 EPSS
Exploits: 1 · References: 3
OSV
added 2023/05/22 8:15 p.m. · 16 views

CVE-2023-31689

In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...

9.8 CVSS · 7.8 AI score
Exploits: 0 · References: 1
Vulnrichment
added 2023/05/22 12:00 a.m. · 8 views

CVE-2023-31689

In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...

9.7 AI score · 0.21757 EPSS
Exploits: 1 · References: 1
RedHat Linux
added 2023/05/17 12:44 p.m. · 4 views

apr-util: out-of-bounds writes in the apr_base64

A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions...

6.5 CVSS · 6.8 AI score · 0.01417 EPSS
Exploits: 0 · References: 4
OSV
added 2023/05/16 8:15 p.m. · 3 views

CVE-2023-29927

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...

4.3 CVSS · 5.8 AI score
Exploits: 0 · References: 1
NVD
added 2023/05/16 8:15 p.m. · 13 views

CVE-2023-29927

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...

4.3 CVSS · 5 AI score · 0.00402 EPSS
Exploits: 0 · References: 1
RedHat Linux
added 2023/05/16 7:39 p.m. · 6 views

apr-util: out-of-bounds writes in the apr_base64

A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions...

6.5 CVSS · 6.8 AI score · 0.01417 EPSS
Exploits: 0 · References: 4
RedHat Linux
added 2023/05/16 7:37 p.m. · 5 views

apr-util: out-of-bounds writes in the apr_base64

A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions...

6.5 CVSS · 6.8 AI score · 0.01417 EPSS
Exploits: 0 · References: 4
RedHat Linux
added 2023/05/16 7:32 p.m. · 1 views

apr-util: out-of-bounds writes in the apr_base64

A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions...

6.5 CVSS · 6.8 AI score · 0.01417 EPSS
Exploits: 0 · References: 4
Cvelist
added 2023/05/16 12:00 a.m. · 14 views

CVE-2023-29927

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...

5.4 AI score · 0.00402 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2023/05/16 12:00 a.m. · 8 views

CVE-2023-29927

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...

5 AI score · 0.00402 EPSS
Exploits: 0 · References: 1
CNNVD
added 2023/05/16 12:00 a.m. · 4 views

Sage Group Sage 300 security vulnerability

Sage Group Sage 300 is a well-established closed-source Enterprise Resource Planning (ERP) solution from Sage Group, UK, designed to facilitate ... A security vulnerability exists in Sage Group Sage 300. An attacker can exploit the vulnerability to recover used SQL connection strings and can create...

4.3 CVSS · 5.5 AI score · 0.00402 EPSS
Exploits: 0 · References: 3
CISA KEV Catalog
added 2023/05/12 12:00 a.m. · 36 views

Linux Kernel Race Condition Vulnerability

Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with long strings...

6.9 CVSS · 8.2 AI score · 0.22475 EPSS
In wild · Exploits: 7
VulnCheck KEV
added 2023/05/12 12:00 a.m. · 1 views

VulnCheck KEV: CVE-2014-0196

Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with long strings...

6.9 CVSS · 6.4 AI score · 0.22475 EPSS
Exploits: 7 · References: 1
Tenable Nessus
added 2023/05/10 12:00 a.m. · 26 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2023-1810)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific...

5.3 CVSS · 7.9 AI score · 0.02452 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2023/05/09 12:00 a.m. · 5 views

PT-2023-2696 · Microsoft · Remote Desktop Client +2

Name of the Vulnerable Software and Affected Versions: Windows 10 version 22H2 Description: The issue exists due to insufficient input validation in the Remote Desktop Client of the Windows operating system. This allows an attacker to execute arbitrary code, potentially impacting the system. The...

7.8 CVSS · 9.9 AI score · 0.00668 EPSS
Exploits: 0 · References: 14