4564 matches found
PT-2023-24677 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.68 through 10.0.7 Description: The issue is related to an incorrect rights check on a file accessible by an authenticated user, allowing access to the list of all users and their personal information. Users should upgrade to...
CVE-2022-4143
An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab versions prior to 15.10 to 16.1, whi...
PT-2023-22051 · Ibm · Ibm Spectrum Protect Backup-Archive Client
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect Backup-Archive Client versions 8.1.0.0 through 8.1.17.2 Description: The issue allows a local user to escalate their privileges due to improper access controls. Recommendations: For versions 8.1.0.0 through 8.1.17.2, upda...
DATEV eG Personal-Management System Cross-Site Scripting Vulnerability
DATEV eG Personal-Management System is a personnel management system from DATEV, Inc. A security vulnerability exists in DATEV eG Personal-Management System Comfort/Comfort Plus versions v15.1.0 through v16.1.1. An attacker could exploit the vulnerability by sending a specially crafted link to...
007putra-my-bot (=1.1.1), 03-asenkronsdasdsadavehttprequest (=1.0.0) +17780 more potentially affected by CVE-2022-25883 via semver (>=7.0.0 <=7.5.1)
semver NPM version =7.0.0, =7.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on semver and may be impacted: - 007putra-my-bot =1.1.1 - 03-asenkronsdasdsadavehttprequest =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 -...
agent-actors (=0.1.0), agent-reader (>=0.2.1 <=0.2.2) +176 more potentially affected by CVE-2023-34541 via langchain (>=0.0.100 <=0.0.246)
langchain PYPI version =0.0.100, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.1.0a0, =0.2.0, =0.1.3, =0.1.5 and more Source cves: CVE-2023-34541 Source advisory: OSV:GHSA-6643-H7H5-X9WH...
PT-2023-15805 · Unknown · Bisheng-Wnm Fw
Name of the Vulnerable Software and Affected Versions: BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta through BiSheng-WNM FW 3.0.0.325 Description: A system command injection issue allows for remote code execution upon successful exploitation. Recommendations: For BiSheng-WNM versions...
OpenZeppelin Security Vulnerability
OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts version 4.7.0 through versions prior to 4.9.2. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or vendo...
cyfs-chunk-lib (=0.5.0), cyfs-cip (>=0.5.0 <=0.6.4) +1 more potentially affected by unknown CVE via cyfs-base (>=0.5.5 <=0.6.12)
cyfs-base CARGO version =0.5.5, =0.5.0, =0.6.4 - cyfs-core =0.5.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0046...
CVE-2022-33166
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586...
DEBIAN-CVE-2023-30631
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file. This issue affects Apache Traffic Server:...
DEBIAN-CVE-2023-33933
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions. 9.x users should upgrade to 9.2.1 or later versions...
cpdb-libs Security Vulnerability
cpdb-libs is an OpenPrinting open source front-end and back-end library for a generic print dialog. A security vulnerability exists in cpdb-libs versions 1.0 through 2.0b4, which stems from a buffer overflow due to improper use of scanf...
PT-2023-3292 · Teamviewer · Teamviewer Remote
Name of the Vulnerable Software and Affected Versions: TeamViewer Remote versions 15.41 through 15.42.7 Description: The issue is related to an improper authorization check of local device settings in TeamViewer Remote, allowing an unprivileged user to change basic local device settings even thou...
CVE-2022-47376
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data...
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9.
...
PT-2023-3748 · Sap · Sap Netweaver
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Change and Transport System versions 702 through 757 Description: The issue is related to a lack of resource control mechanism in the Change and Transport System component of SAP NetWeaver. This allows an authenticated user with...
Chamilo LMS Code Issue Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS versions 1.11.0 through 1.11.1...
org.apache.nifi:nifi-dbcp-service-nar (>=1.16.0 <=1.21.0), org.apache.nifi:nifi-snowflake-services-nar (>=1.16.0 <=1.18.0) potentially affected by CVE-2023-34468 via org.apache.nifi:nifi-hikari-dbcp-service (>=1.16.0 <=1.21.0)
org.apache.nifi:nifi-hikari-dbcp-service MAVEN version =1.16.0, =1.16.0, =1.16.0, =1.18.0 Source cves: CVE-2023-34468 Source advisory: OSV:GHSA-XM2M-2Q6H-22JW...