abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +138 more potentially affected by CVE-2023-48291 via apache-airflow (>=1.8.2 <=2.7.3)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2023-48291 Source advisory: OSV:PYSEC-2023-265...
CVE-2023-47093
An issue was discovered in Stormshield Network Security SNS 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine...
SmarterTools SmarterMail Security Breach
SmarterTools SmarterMail is a set of mail server software from SmarterTools. The software supports spam filtering, statistics, Simple Mail Transfer Protocol (SMTP) authentication, and other features. A security vulnerability exists in SmarterTools SmarterMail versions 8495 through 8664, which stems...
PT-2023-30705 · Smartertools · Smartermail
Name of the Vulnerable Software and Affected Versions: SmarterTools SmarterMail versions 8495 through 8664 Description: The issue allows stored XSS via a crafted description of a Calendar appointment. Recommendations: For versions 8495 through 8664, update to version 8747 or later to resolve the...
3m (=0.1.0), accord-nlp (>=0.1.0 <=0.1.8) +809 more potentially affected by CVE-2023-7018 via transformers (>=2.10.0 <=4.35.2)
transformers PYPI version =2.10.0, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.3.0, =0.1.0, =0.1.0, =0.0.1, =0.0.4, =0.0.4, =0.0.11, =0.0.13, =0.0.15, =1.2.3, =1.3.106 and more Source cves: CVE-2023-7018 Source advisory: OSV:PYSEC-2023-301...
CVE-2023-49148
Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates. This issue affects Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5...
org.wso2.identity.apps:org.wso2.identity.apps.authentication.portal.server.feature (>=0.1.125 <=1.6.179) potentially affected by CVE-2023-6837 via org.wso2.identity.apps:authentication-portal (>=0.1.125 <=1.6.179)
org.wso2.identity.apps:authentication-portal MAVEN version =0.1.125, =0.1.125, =1.6.179 Source cves: CVE-2023-6837 Source advisory: OSV:GHSA-F6JM-9PR8-9C3W...
CVE-2023-48050
SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance aka odoo-biometric-attendance v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py...
ZKTeco ZKBio Time Security Vulnerability
ZKTeco ZKBio Time is a powerful web-based time and attendance management software from China-based ZKTeco. A security vulnerability exists in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance versions 13.0 through 16.0.1, which stems from an SQL injection...
CVE-2023-45184
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270...
PT-2023-29889 · Ibm · Ibm Sterling Secure Proxy
Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy versions 6.0.3 through 6.1.0 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trust...
2vyper (=0.3.0), ape-safe (=0.6.0) +27 more potentially affected by CVE-2023-46247 via vyper (>=0.1.0b12 <=0.3.7)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.3.5 and more Source cves: CVE-2023-46247 Source advisory: OSV:PYSEC-2023-307...
com.sap.cds:cds-feature-identity (>=2.0.1 <=2.4.0), com.sap.cds:cds-starter-cloudfoundry (>=2.2.0 <=2.4.0) +7 more potentially affected by CVE-2023-50422 +1 more via com.sap.cloud.security:java-security (>=3.0.0 <=3.2.1)
com.sap.cloud.security:java-security MAVEN version =3.0.0, =2.0.1, =2.2.0, =2.2.0, =1.0.4, =1.0.4, =1.0.4, =3.0.0, =3.0.0, =3.0.0, =3.2.1 Source cves: CVE-2023-50422, CVE-2023-50424 Source advisory: OSV:GHSA-59C9-PXQ8-9C73...
PT-2023-8845 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 10.0.0 through 10.0.10 Description: The issue is related to the saved search feature in GLPI, which can be used to perform a SQL injection. This allows a remote attacker to execute arbitrary code. The vulnerability is due to the...
Dasan W-Web OS Command Injection Vulnerability
Dasan W-Web is a network appliance from Dasan. An operating system command injection vulnerability exists in Dasan W-Web versions 1.22-1.27, which stems from the presence of an operating system command injection vulnerability...
Checkmk Security Vulnerabilities
Checkmk is an editor. A security vulnerability exists in Checkmk versions 2.2.0p10 through 2.2.0p16, which stems from the use of a user-controlled LD_LIBRARY_PATH in an agent, allowing an attacker to escalate privileges by injecting a malicious library...
GNU Tar Security Vulnerability
GNU Tar is a set of tools for creating tar-formatted files from the US GNU community. A security vulnerability exists in GNU Tar versions 1.0 through 1.34, which stems from improper handling of extended attributes in the PAX archive, allowing remote attackers to execute arbitrary code on the targ...
Infinite decoding loop through specially crafted payload
The Candid library causes a Denial of Service while parsing a specially crafted payload with the empty data type. For example, if the payload is record ; empty and the canister interface expects record, then the Rust candid decoder treats empty as an extra field required by the type. The problem with...
Candid Security Breach
Candid is an Interface Description Language (IDL) used to interact with containers running on the Internet Computer. A security vulnerability exists in Candid versions 0.9.0 through 0.9.10, which stems from a denial of service when the Candid library parses a specially crafted payload with a data type...
CloudPanel Security Vulnerabilities
CloudPanel is free, open-source software from CloudPanel. It is used to configure and manage servers. A security vulnerability exists in MGT CloudPanel versions 2.0.0 through 2.3.2, which stems from a vulnerability that allows a low-privileged user to achieve operating system command injection b...