PT-2023-31169 · Wolters Kluwer · Wolters Kluwer B.Point
Name of the Vulnerable Software and Affected Versions: Wolters Kluwer B.POINT version 23.70.00 Description: The issue allows a validated system user to achieve remote code execution via Argument Injection in the server-to-server module during the authentication phase. Recommendations: For version...
Dompdf Security Vulnerabilities
Dompdf is an HTML to PDF converter. A security vulnerability exists in Dompdf versions prior to 2.0.4, which stems from a recursive link that is not properly validated and may exhaust the memory available to the executing process and/or the server itself...
Cross-site Scripting (XSS)
com.liferay.portal is vulnerable to Cross-Site Scripting. The vulnerability exists due to a lack of user input validation in the plbackurltitle parameter, which allows an attacker to inject and execute malicious JavaScript...
openshift: OCP & FIPS mode
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...
python-django: Potential bypass of validation when uploading multiple files using one form field
A validation bypass flaw was found in python-django. When uploading multiple files using one form field, an attacker could upload multiple files without validation because the server only validated the last file uploaded...
Improper Access Control
gitlab is vulnerable to Improper Access Control. The vulnerability exists due to insufficiently validated access control, which allows an attacker to use social engineering to bypass the security controls...
CVE-2023-3089
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...
CVE-2023-2829
A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache RFC 8198 option synth-from-dnssec enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through...
CVE-2023-1664
A flaw was found in Keycloak. This flaw requires the non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If...
Google Announces New Privacy, Safety, and Security Features Across Its Services
Google unveiled a slew of new privacy, safety, and security features today at its annual developer conference, Google I/O. The tech giant's latest initiatives are aimed at protecting its users from cyber threats, including phishing attacks and malicious websites, while providing more control and...
PYSEC-2023-61
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField; only the last uploaded file was validated. However,...
PT-2023-17430 · Froxlor · Froxlor
Name of the Vulnerable Software and Affected Versions: froxlor versions prior to 2.0.14 Description: The issue concerns the unrestricted upload of files with dangerous types in the GitHub repository froxlor/froxlor. Specifically, image files uploaded were not properly validated, which could resul...
ROS-20230414-02
DNS server BIND vulnerability is related to a reachable assertion in DNS query processing. Exploitation: The vulnerability allows an attacker acting remotely to send repeated patterns of specific queries to servers with the DNSSEC-Validated Cache option synth-from-dnssec enabled...
CVE-2023-29389
Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated"...
VulnCheck KEV: CVE-2023-29389
Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated"...
Upgraded Q -> 3 from #88 [1679874647648]
Judge has assessed an item in Issue 88 as 3 risk. The relevant finding follows: L-2 Invalid and stale prices from Synthetix are not validated
SUSE CVE-2018-8930
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3...