
147 matches found

Positive Technologies
added 2023/08/07 12:0 a.m. · 5 views

PT-2023-24562 · Unisoc (Shanghai) Technologies Co. +1 · Sc7731E/Sc9832E/Sc9863A/T606/T612/T616/T610/T618 +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a possible missing permission check in the vowifi service. This could lead to local information disclosure with no additional executi...

5.5 CVSS · 5.3 AI score · 0.0008 EPSS
Exploits 0 · References 3
Vulnrichment
added 2023/05/25 8:28 a.m. · 7 views

CVE-2023-2885 Channel Accessible by Non-Endpoint in CBOT's Chatbot

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM). This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...

8.1 CVSS · 7.2 AI score · 0.00297 EPSS
Exploits 0 · References 2
SUSE CVE
added 2023/02/15 5:11 a.m. · 2 views

SUSE CVE-2015-8720

The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...

5.5 CVSS · 6.8 AI score · 0.01539 EPSS
Exploits 0 · References 5
Vulnrichment
added 2023/01/16 3:38 p.m. · 7 views

CVE-2022-4295 Show All Comments < 7.0.1 - Reflected XSS

The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged-in high-privilege user such as admin...

6.2 AI score · 0.00897 EPSS
Exploits 2 · References 1
OSV
added 2022/07/28 11:15 p.m. · 3 views

PYSEC-2022-43163

WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allow attackers to execute arbitrary code via a crafted dbs-client package...

9.8 CVSS · 9.6 AI score · 0.00991 EPSS
Exploits 1 · References 1
OSV
added 2022/05/24 5:29 p.m. · 3 views

GHSA-VRWX-Q9PJ-X488 Liferay Portal and Liferay DXP Bypass via Double Encoded URL

In Liferay Portal before 7.3.1, com.liferay.portal:com.liferay.portal.impl before 7.1.3 and 7.4.0, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with double-encoded URLs...

5.3 CVSS · 5.6 AI score · 0.01048 EPSS
Exploits 0 · References 6
Github Security Blog
added 2022/05/17 4:43 a.m. · 11 views

TYPO3 vulnerable to remote authenticated arbitrary code execution

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250...

6.5 CVSS · 7.5 AI score · 0.01118 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2022/05/05 4:18 p.m. · 9 views

CVE-2022-1388

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End o...

9.8 CVSS · 9.8 AI score · 0.99956 EPSS
Exploits 63 · References 5
OSV
added 2020/09/30 7:15 p.m. · 5 views

CVE-2020-14378

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the move_desc function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause move_desc to get stuck in a 4,294,967,295-count iteration loop. Depending on how vhost_crypto is...

3.3 CVSS · 8.6 AI score
Exploits 0 · References 8
OSV
added 2020/07/21 4:46 p.m. · 10 views

SUSE-SU-2020:1990-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 bsc1173998: + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. +...

10 CVSS · 8.6 AI score · 0.77246 EPSS
Exploits 5 · References 10
OSV
added 2020/07/13 1:15 a.m. · 4 views

CVE-2019-20899

The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1...

5.3 CVSS · 6.1 AI score · 0.02139 EPSS
Exploits 0 · References 1
Citrix
added 2020/06/04 12:0 a.m. · 5 views

PVS Bootstrap configuration missing after updating to 1912 LTSR or 2203 CUs

Error - There must be at least 1 and at most 4 logon servers in the list Bootstrap configuration missing post update to 1912 .CU X / 2203 .CU x...

7 AI score
Exploits 0
OSV
added 2020/01/08 10:15 p.m. · 5 views

CVE-2019-17022

When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

6.1 CVSS · 8.1 AI score
Exploits 0 · References 25
OSV
added 2020/01/08 10:15 p.m. · 8 views

CVE-2019-17024

Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 68.4 and...

8.8 CVSS · 9.2 AI score
Exploits 0 · References 25
Citrix
added 2019/05/15 12:0 a.m. · 6 views

Desktop Viewer crashes on startup for Workspace App for Mac 18.08 to 19.03 on MacOS Mojave 10.14.x

Viewer crash with Workspace app for Mac 18.12 and later and MacOS Mojave...

7.2 AI score
Exploits 0
Citrix
added 2017/09/22 12:0 a.m. · 11 views

NetScaler Gateway 11.0 VPN Client and EPA Plug-in Does Not Work With Chrome Version 42 and Later

The Client and EPA Plug-ins don't work with the latest Chrome versions as support for NPAPI is disabled by default. The support will be deprecated entirely in Chrome version 45 in September 2015. From Chrome version 42, all NPAPI plugins will appear as if they are not installed. This will affect...

6.9 AI score
Exploits 0
Citrix
added 2017/08/21 12:0 a.m. · 7 views

Receiver 4.8 - Unable to open the Url - Only Http and Https Urls can be opened

When launching published content from Receiver 4.6 onward versions, we get error: "Only Http and Https Urls can be opened"...

7.1 AI score
Exploits 0
OSV
added 2017/02/01 6:8 p.m. · 5 views

USN-3184-1 irssi vulnerabilities

It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's window contents. (CVE-2016-7553) Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. A remote attacker could use this issue to cause Irssi t...

7.5 CVSS · 6.9 AI score · 0.05595 EPSS
Exploits 1 · References 7
Exploit DB
added 2005/06/06 12:0 a.m. · 60 views

YaPiG 0.9x - 'upload.php' Directory Traversal

source: https://www.securityfocus.com/bid/13877/info YaPiG is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An authorized user can add and delete arbitrary directories outside of the gallery directory by...

7.4 AI score
Exploits 0
NVD
added 2005/03/04 5:0 a.m. · 19 views

CVE-2005-0593

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake ...

2.6 CVSS · 6.2 AI score · 0.01662 EPSS
Exploits 0 · References 12