Ascensio System ONLYOFFICE Document Server Security Vulnerability
Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations. A security vulnerability exists in ONLYOFFICE Document Server versions 4.0.3 through 7.3.2. An attacke...
zola path traversal vulnerability
zola is a fast static site generator in a single binary with everything built in. A security vulnerability exists in zola versions 0.13.0 through 0.17.2, which stems from a path traversal vulnerability in which the handle_request function does not filter special path components in the URL. An attack...
PT-2023-5399 · Unknown +1 · Opensuse-Welcome +1
Name of the Vulnerable Software and Affected Versions: opensuse-welcome versions 0.1 through 0.1.9+git.35.4b9444a Description: A local attacker can execute code as the user that runs opensuse-welcome if a custom layout is chosen, due to an Insecure Storage of Sensitive Information vulnerability...
PT-2023-4392 · Onlyoffice · Onlyoffice Document Server
Name of the Vulnerable Software and Affected Versions: ONLYOFFICE Document Server versions 4.0.3 through 7.3.2 Description: The issue is related to a Memory Exhaustion vulnerability in the JavaScript File Handler component of ONLYOFFICE Document Server. This vulnerability allows remote attackers ...
OpenNMS Horizon Cross-Site Scripting Vulnerability
OpenNMS Horizon is an open source solution from OpenNMS, Inc. that helps you visualize and monitor everything on your local and remote networks. A security vulnerability exists in OpenNMS Horizon versions 31.0.8 through 32.0.2 that stems from a parameter not being sanitized...
PT-2023-27355 · Zola · Zola
Name of the Vulnerable Software and Affected Versions: zola versions 0.13.0 through 0.17.2 Description: An issue was discovered in the custom implementation of a web server, available via the "zola serve" command, which allows directory traversal. The handle_request function, used by the server t...
Nextcloud user_oidc security vulnerability
Nextcloud user_oidc is an application from Nextcloud, Germany. A security vulnerability exists in Nextcloud user_oidc from version 1.0.0 up to versions prior to 1.3.3, which stems from a lack of validation of the issuer...
CVE-2023-38208
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated...
PT-2023-5266 · Libreswan +5 · Libreswan +5
Name of the Vulnerable Software and Affected Versions: Libreswan versions 3.20 through 4.12 Description: An issue was discovered in Libreswan when an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1. This causes an error notify INVALID SPI to be sent back, but th...
org.craftercms:crafter-studio (>=3.0.0 <=3.1.27E) potentially affected by CVE-2023-4136 via org.craftercms:crafter-engine (>=3.0.0 <=3.1.27E)
org.craftercms:crafter-engine MAVEN version =3.0.0, =3.0.0, =3.1.27E Source cves: CVE-2023-4136 Source advisory: SNYK:JAVA-ORGCRAFTERCMS-8722255...
CVE-2023-39075
Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R builds 11.10.2021 to 16.01.2023 allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device...
CVE-2023-0632
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry...
@agrada_digital/pbm (>=0.0.88 <=0.2.7), @bella-ui/components (>=1.0.0 <=1.0.10) +228 more potentially affected by CVE-2023-37478 via pnpm (>=0.21.0 <=7.2.1)
pnpm NPM version =0.21.0, =0.0.88, =1.0.0, =0.1.5, =1.0.0, =1.0.0, =0.2.2, =2.1.1, =0.1.16, =0.2.1, =0.1.0, =0.1.0, =0.8.2 and more Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...
org.apache.nifi:nifi-jms-processors-nar (>=0.6.0 <=1.22.0) potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-jms-processors (>=0.6.0 <=1.22.0)
org.apache.nifi:nifi-jms-processors MAVEN version =0.6.0, =0.6.0, =1.22.0 Source cves: CVE-2023-36542 Source advisory: OSV:GHSA-R969-8V3H-23V9...
org.apache.nifi:nifi-hbase_2-client-service-nar (>=1.10.0 <=1.22.0) potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-hbase_2-client-service (>=1.10.0 <=1.22.0)
org.apache.nifi:nifi-hbase_2-client-service MAVEN version =1.10.0, =1.10.0, =1.22.0 Source cves: CVE-2023-36542 Source advisory: OSV:GHSA-R969-8V3H-23V9...
CVE-2023-33742
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive Information: RSA private key in Update.exe...
Tolgee Security Vulnerability
Tolgee is an open source multilingual translation and localization platform designed to help development teams easily manage and maintain multilingual software applications and websites. A security vulnerability exists in Tolgee versions 3.14.0 through 3.23.1 that stems from the fact that when a...
PT-2023-16958 · Gitlab · Gitlab Dast Api Scanner +1
Name of the Vulnerable Software and Affected Versions: GitLab DAST scanner versions 3.0.29 through 4.0.5 Description: An issue has been discovered in the GitLab DAST scanner where it leaks cross-site cookies on redirect during authorization. Recommendations: For versions 3.0.29 through 4.0.5,...
PT-2023-14301 · Gx · Xperiencentral
Name of the Vulnerable Software and Affected Versions: GX Software XperienCentral versions 10.33.1 through 10.35.0 Description: The issue concerns invalid data input due to bypassed form validation in Interactive Forms IAF. Recommendations: For GX Software XperienCentral versions 10.33.1 through...
GX Software XperienCentral Input Validation Error Vulnerability
GX Software XperienCentral is a CMS from GX Software. A security vulnerability exists in GX Software XperienCentral versions 10.33.1 through 10.35.0, which stems from an easy bypass of the validation of Interactive Forms IAF...