4564 matches found
CVE-2023-47664
Cross-Site Request Forgery (CSRF) vulnerability in edwardplainview Plainview Protect Passwords. This issue affects Plainview Protect Passwords: from n/a through 1.4...
Rundeck Security Breach
Rundeck is an open source automation service with a web console, command line tools, and WebAPI from Rundeck Inc. in the United States, which is primarily used to run automation tasks. A security vulnerability exists in Rundeck versions 4.17.0 through 4.17.2, which stems from the fact that the jo...
mariadb: NULL pointer dereference in spider_db_mbase::print_warnings()
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer...
VulnCheck KEV: CVE-2021-39211
GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual...
VulnCheck KEV: CVE-2022-3980
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +137 more potentially affected by CVE-2023-42781 via apache-airflow (>=1.8.2 <=2.7.2)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2023-42781 Source advisory: OSV:GHSA-R7X6-XFCM-3MXV...
mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor...
In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3 the wrapper scripts do not properly parse command lines.
...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aedttest (=0.0.2) +125 more potentially affected by CVE-2023-46695 via django (>=3.2.0 <=3.2.22)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =1.0.6, =3.2.17.0, =6.2.0, =0.2.0, =0.1.0, =21.1.1, =21.1.0, =22.0.0.dev13, =22.0.0.dev14 and more Source cves: CVE-2023-46695 Source advisory: OSV:GHSA-QMF9-6JQF-J8FQ...
PT-2023-28779 · Zpe Systems · Nodegrid Os
Name of the Vulnerable Software and Affected Versions: ZPE Systems, Inc Nodegrid OS versions 5.0.0 through 5.0.17; ZPE Systems, Inc Nodegrid OS versions 5.2.0 through 5.2.19; ZPE Systems, Inc Nodegrid OS versions 5.4.0 through 5.4.16; ZPE Systems, Inc Nodegrid OS versions 5.6.0 through 5.6.13; ZPE...
CVE-2023-43322
ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/...
Microsoft Edge Resource Management Error Vulnerability
Microsoft Edge is a web browser from Microsoft Corporation USA that comes with systems after Windows 10. A resource management error vulnerability exists in Microsoft Edge versions 79.0.309.71 through 118.0.2088.69, which stems from a boundary error when processing PDF files, allowing remote...
0x-assert (>=0.0.2 <=0.0.3), 0xauth (>=0.0.5 <=0.1.0) +8686 more potentially affected by CVE-2023-46233 via crypto-js (>=3.1.2-1 <=4.1.1)
crypto-js NPM version =3.1.2-1, =0.0.2, =0.0.5, =1.0.0, =1.0.0, =1.34.1, =0.1.0, =4.11.2, =0.0.1, =3.3.9, =3.10.1, =0.0.16-0.1, =0.0.4, =0.0.7 and more Source cves: CVE-2023-46233 Source advisory: OSV:GHSA-XWCQ-PM8M-C4VF...
aadetools (>=0.0.3 <=0.0.5), adversarial-insight-ml (=0.1.0) +311 more potentially affected by CVE-2023-5752 via pip (>=10.0.0b2 <=23.2.1)
pip PYPI version =10.0.0b2, =0.0.3, =2.0.0, =0.1.2, =0.0.1, =1.8.15, =1.8.17, =0.1.0, =0.2.3, =1.8.14, =2022.7.7, =2.0.3, =1.2.0, =1.3.0 - ak-sw-benchmarker =0.0.9 and more Source cves: CVE-2023-5752 Source advisory: OSV:PYSEC-2023-228...
agent-actors (=0.1.0), agent-reader (>=0.2.1 <=0.2.2) +176 more potentially affected by CVE-2023-32785 via langchain (>=0.0.100 <=0.0.246)
langchain PYPI version =0.0.100, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.1.0a0, =0.2.0, =0.1.3, =0.1.5 and more Source cves: CVE-2023-32785 Source advisory: OSV:GHSA-8H5W-F6Q9-WG35...
org.apache.shenyu:shenyu-admin-dist (>=2.4.0 <=2.4.3) potentially affected by CVE-2023-25753 via org.apache.shenyu:shenyu-admin (>=2.4.0 <=2.4.3)
org.apache.shenyu:shenyu-admin MAVEN version =2.4.0, =2.4.0, =2.4.3 Source cves: CVE-2023-25753 Source advisory: OSV:GHSA-7W8V-5FCQ-PVQW...
aaronblaser-sdk (>=1.0.0 <=1.0.1), actoolkit (>=2.6.4 <=2.6.10) +300 more potentially affected by CVE-2023-45803 via urllib3 (>=2.0.0 <=2.0.6)
urllib3 PYPI version =2.0.0, =1.0.0, =2.6.4, =0.0.1, =0.1.1, =0.5.0, =0.1.23, =0.4.3, =0.0.1b0, =0.4.1, =0.5.5 - amplitude-data-wrapper =0.4.1 and more Source cves: CVE-2023-45803 Source advisory: OSV:PYSEC-2023-212...
Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerabilities
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
PT-2023-6653 · Elastic · Agent +2
Name of the Vulnerable Software and Affected Versions: Elastic Endpoint versions 7.9.0 through 8.10.3. Description: The issue is related to insufficient protection of registration data in Elastic Endpoint, which can allow a remote attacker to disclose protected information. When Elastic Endpoint i...
Apache InLong Code Issue Vulnerability
Apache InLong is the U.S. Apache Foundation's one-stop massive data integration framework. It provides automated, secure and reliable data transfer capabilities. A code issue vulnerability exists in Apache InLong versions 1.4.0 to 1.8.0, which stems from the fact that some sensitive parameter...