Fedora: Security Advisory for python-markdown-it-py (FEDORA-2023-8ff3ba5fb5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2023-21863 · Comrak · Comrak

Name of the Vulnerable Software and Affected Versions: comrak versions prior to 0.17.0 Description: The issue arises when a Comrak AST is constructed manually and then converted to HTML, as the HTML formatting code assumes the AST is well-formed. This assumption can be violated if the AST contain...

The vulnerability of the Convert::ASN1 module in the data processing library using ASN.1 definitions allows a attacker to cause a service failure.

The vulnerability of the Convert::ASN1 module in the data processing library that uses ASN.1 definitions allows for a loop with an unreachable exit condition. Exploiting this vulnerability can enable a malicious actor to cause service failures...

Aero CMS v0.0.1 - SQL Injection (no auth)

Exploit Title: Aero CMS v0.0.1 - SQL Injection no auth Date: 15/10/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://github.com/MegaTKC/AeroCMS Software Link: https://github.com/MegaTKC/AeroCMS Version: 0.0.1 Testeted on: Windows 10 using...

Aero CMS v0.0.1 - SQL Injection (no auth) Vulnerability

Exploit Title: Aero CMS v0.0.1 - SQL Injection no auth Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://github.com/MegaTKC/AeroCMS Software Link: https://github.com/MegaTKC/AeroCMS Version: 0.0.1 Testeted on: Windows 10 using XAMPP, Apache/2.4.48 Win64...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Debian: Security Advisory (DLA-273-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the Adobe Bridge file manager, related to reading beyond the buffer in memory, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Adobe Bridge file manager is related to reading beyond the buffer boundary in memory during syntax analysis of embedded fonts. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially created malicious fi...

GHSA-3738-P9X3-MV9R XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author

Impact It's possible to use the right of an existing document content author to execute a text area property. To reproduce: As an admin with programming rights, create a new user without script or programming right. Login with the freshly created user. Insert the following text in source mode in...

CVE-2023-26477

XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter URL parameter, in combination with additional parameters. This has been...

CVE-2023-26474 XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author

XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds...

CVE-2023-26474 XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author

XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds...

CVE-2023-26477 org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability

XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter URL parameter, in combination with additional parameters. This has been...

[SECURITY] Fedora 36 Update: curl-7.82.0-13.fc36

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

OPENSUSE-SU-2023:0058-1 Security update for phpMyAdmin

This update for phpMyAdmin fixes the following issues: Update to 4.9.11: Fix an XSS attack through the drag-and-drop upload feature PMASA-2023-01, CWE-661, boo1208186, CVE-2023-25727 Fix broken pagination links in the navigation sidebar Fix syntax error for PHP 5 Fix hideconnectionerrors being...

K75543432: PHP vulnerability CVE-2017-11628

Security Advisory Description In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zendinidoop function in Zend/zendiniparser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications th...

K61105950: iControl REST logs a plaintext password when the syntax of a cURL request is incorrect

Security Advisory Description The BIG-IP system logs the device password in plaintext. This issue occurs when the following condition is met: There are one or more syntax errors in the POST body of a REST token request. Impact Disclosure of the BIG-IP system's device password can lead to other...

Fedora: Security Advisory for curl (FEDORA-2023-ddf6575695)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE CVE-2003-0564

Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions S/MIME protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as...

SUSE CVE-2009-0591

The CMSverify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid...