33 matches found
MoguBlog (蘑菇博客) Security Vulnerability
MoguBlog is a microservices-based, front-end-backend separated blog system developed by Streamlet developers in China. There are security vulnerabilities in MoguBlog v2 5.2 and earlier versions. These vulnerabilities stem from improper handling of the LocalFileServiceImpl.uploadPictureByUrl...
CVE-2023-37650
A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands...
CVE-2024-46538
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfacesgroupsedit.php...
NASA AIT-Core vulnerable to remote code execution
An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands...
NASA AIT-Core uses unencrypted channels to exchange data over the network
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack...
CVE-2024-35060
An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file...
CVE-2024-35057
An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet...
CVE-2024-35060
An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file...
CVE-2024-35059
CVE-2024-35059 affects NASA AIT-Core v2.5.2 and its Pickle-based processing. Red Hat entries describe an unencrypted network channel enabling a man-in-the-middle, which when chained with CVE-2024-35059 results in unauthenticated, fully remote code execution. The core issue is the use of Pickle wi...
CVE-2024-35060
CVE-2024-35060 affects NASA AIT-Core v2.5.2 due to a flaw in the YAML Python library that allows arbitrary command execution via a crafted YAML file. Affected component: YAML Python library; root cause described as an issue in the library. Impact per sources: attacker-executed commands. Remediati...
CVE-2024-35056
NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the querypackets and insert functions...
CVE-2024-35059
An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands...
Cockpit CMS Cross-Site Request Forgery vulnerability
A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands...
CVE-2023-37650
A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands...
CVE-2023-37649
Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data...
Cross site request forgery (csrf)
A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands...
User data in TPM attestation vulnerable to MITM
Impact: Attestation user data such as the digest of the public key in an aTLS connection was bound to the issuer's TPM, but not to its PCR state. An attacker could intercept a node initialization, initialize the node themselves, and then impersonate an uninitialized node to the validator. In...
Delta Electronics DVW-W02W2-E2 2.42 Command Injection Vulnerability
Delta Electronics DVW-W02W2-E2 version 2.42 suffers from an authenticated command injection vulnerability. Title: Authenticated Command Injection; product: Delta Electronics DVW-W02W2-E2; vulnerable version: V2.42; fixed...