Vyper Security Vulnerability
Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper versions 0.2.9 through 0.3.10, which stems from the fact that locks of type `@nonreentrant("")` or `@nonreentrant('')` are not reentrancy-checked at runtime...
anomalib-orobix (>=0.7.0.dev134 <=0.7.0.dev143), aqueduct-llm (=0.0.1) +26 more potentially affected by CVE-2023-41626 via gradio (>=1.7.7 <=3.27.0)
gradio PYPI version =1.7.7, =0.7.0.dev134, =0.1.9, =0.1.0, =0.7.3, =0.0.2, =0.1.1, =1.0.4, =0.0.3, =1.0.3, =0.0.1, =2.0.0rc3, =2.2.1 and more Source cves: CVE-2023-41626 Source advisory: OSV:GHSA-V4Q9-QGQF-7JWP...
PT-2023-5448
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.12 through 16.2.7; GitLab EE versions 16.3 through 16.3.4; GitLab Community Edition CE versions 13.12 through 16.2.7; GitLab Community Edition CE versions 16.3 through 16.3.4. Description: The issue is related to a flaw in...
CVE-2023-41592
Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability...
CVE-2023-42178
Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module...
FortiTester Trust Management Issues Vulnerabilities
FortiTester is a Fortinet professional-based network traffic testing tool from FortiTester, Inc. A security vulnerability exists in FortiTester versions 2.3.0 through 7.2.3, which stems from the presence of a hard-coded credentials vulnerability that could allow an attacker who successfully obtai...
SUSE CVE-2023-4874
Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12...
SAP S/4HANA Code Issue Vulnerability
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A code issue vulnerability exists in SAP S/4HANA, which arises from a Create Single Payment application that allows an attacker to upload an XML file as an attachment and...
CVE-2023-36497
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 could allow a guest user to elevate to admin privileges...
CVE-2023-38256
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 vulnerable to a path traversal attack, which could allow an attacker to access files stored on the system...
PT-2023-27931 · Sap · S/4Hana
Name of the Vulnerable Software and Affected Versions: S4 HANA versions 102 through 107 Description: The OData service of the S4 HANA, specifically in the Manage checkbook apps, allows an attacker to change the checkbook name by simulating an update OData call. Recommendations: For versions 102...
@buttercup/diag (>=0.1.0 <=0.2.0), bcup-cli (>=1.0.0 <=1.2.0) +2 more potentially affected by CVE-2023-41646 via buttercup (>=3.0.0 <=6.17.2)
buttercup NPM version =3.0.0, =0.1.0, =1.0.0, =1.0.1, =0.2.3, =0.2.4 Source cves: CVE-2023-41646 Source advisory: OSV:GHSA-7CWQ-P8CR-H9QG...
PT-2023-23104 · Ibm · Ibm Aspera Faspex
Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex versions 4.0 through 4.4.2 IBM Aspera Faspex versions 5.0 through 5.0.5 Description: The issue allows a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. Recommendations: For IBM...
HashiCorp Terraform Path Traversal Vulnerability
HashiCorp Terraform is an open source tool for provisioning and managing cloud infrastructure from HashiCorp, USA. A security vulnerability exists in Terraform versions 1.0.8 through 1.5.6, which stems from allowing arbitrary files to be written during an init operation...
PT-2023-27825 · F-Revocrm · F-Revocrm
Name of the Vulnerable Software and Affected Versions: F-RevoCRM versions 7.3.0 through 7.3.7 Description: The issue is a cross-site scripting vulnerability. If exploited, it allows an arbitrary script to be executed on the web browser of the user using the product. Recommendations: For versions...
agent-actors (=0.1.0), agent-lab-sdk (>=0.1.7 <=0.1.16) +249 more potentially affected by CVE-2023-39631 via langchain (>=0.0.100 <=0.0.306)
langchain PYPI version =0.0.100, =0.1.7, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.0.40 and more Source cves: CVE-2023-39631 Source advisory: OSV:GHSA-F73W-4M7G-CH9X...
CVE-2023-39582
SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions...
PT-2023-16858 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 4.1 through 16.1.4 GitLab versions 16.2 through 16.2.4 GitLab versions 16.3 through 16.3.0 Description: An issue has been discovered in GitLab where it was possible to create a URL that would redirect to a different project...
Security Bulletin: A vulnerability in Microsoft ASP.NET affects IBM Robotic Process Automation and may result in a denial of service (CVE-2022-29117)
Summary: Microsoft ASP.NET is used by IBM Robotic Process Automation as part of the application framework. CVE-2022-29117. Vulnerability Details: CVEID: CVE-2022-29117. DESCRIPTION: Microsoft ASP.NET and Visual Studio are vulnerable to a denial of service. By sending a specially-crafted request, a...