4564 matches found
datapoints (>=0.0.1 <=0.0.2), hvl-ccb (>=0.12.0 <=0.12.3) potentially affected by CVE-2023-26151 via asyncua (>=0.9.94 <=0.9.95)
asyncua PYPI version =0.9.94, =0.0.1, =0.12.0, =0.12.3 Source cves: CVE-2023-26151 Source advisory: SNYK:PYTHON-ASYNCUA-5673709...
PT-2023-23159 · Samsung · Samsung Exynos Modem
Name of the Vulnerable Software and Affected Versions: Samsung Exynos Modem versions 5123 through 5300. Description: An issue was discovered in the Shannon RCS component. Incorrect resource transfer between spheres can cause changes to the activation mode of RCS via a crafted application...
PT-2023-18358 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.7 through 15.10.7; GitLab CE/EE versions 15.11 through 15.11.6; GitLab CE/EE versions 16.0 through 16.0.1. Description: A Regular Expression Denial of Service issue was discovered, allowing attackers to send crafted...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. A security vulnerability exists in GitLab CE/EE, which stems from a regular...
CVE-2023-33651
An issue in the MVC Device Simulator of Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules...
@4399ywkf/bundler-vite (>=4.0.61 <=4.0.84), @4399ywkf/js (>=4.0.61 <=4.0.84) +46 more potentially affected by CVE-2023-34092 via vite (>=4.1.0 <=4.1.4)
vite NPM version =4.1.0, =4.0.61, =4.0.61, =4.0.61, =4.0.61, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.0-canary-20230215113341, =4.6.2, =11.6.5, =5.3.8, =5.0.0, =5.0.1 and more Source cves: CVE-2023-34092 Source advisory: OSV:GHSA-353F-5XF4-QW67...
@alioth_91/alita (>=3.3.9-patch.1 <=3.3.9-patch.2), @alitajs/vue-i18n (>=0.0.7 <=0.0.8) +98 more potentially affected by CVE-2023-34092 via vite (>=4.3.0 <=4.3.8)
vite NPM version =4.3.0, =3.3.9-patch.1, =0.0.7, =0.0.7, =0.0.7, =0.0.7, =0.0.7, =0.0.1, =0.0.1, =16.0.0, =2.0.0, =12.0.0, =0.0.0-canary-20230426131112, =0.0.1, =0.0.12 - @deconz-community/directus-extension-ddf-store =0.1.0 and more Source cves: CVE-2023-34092 Source advisory:...
PT-2023-2999 · Unknown · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions 3.0;0 through 3.07.01; NEXUS Series versions 3.0;0 through 3.07.01; MATRIX Series versions 3.0;0 through 3.07.01. Description: The issue is related to improper privilege management, which can allow an attacker to...
ReadyMedia Buffer Error Vulnerability
ReadyMedia (formerly known as MiniDLNA) is a suite of media service software compatible with DLNA/UPnP-AV clients. The software supports music, picture, video and other media files. A security vulnerability exists in ReadyMedia versions 1.1.15 through 1.3.2, which stems from the presence of a buffer...
Wireshark Buffer Error Vulnerability
Wireshark (formerly Ethereal) is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in Wireshark that stems from an IEEE C37.118 Synchronized Phase...
CVE-2023-2549
The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the 'createTempAccountLink' function. This makes it possible for unauthenticated attackers to create a ne...
CVE-2023-2545
The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level...
PT-2023-24358 · Totolink · Totolink X5000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R versions V9.1.0u.6118 B20201102 through V9.1.0u.6369 B20230113. Description: The issue is a post-authentication buffer overflow that occurs via the sPort/ePort parameter in the addEffect function. Recommendations: For TOTOLINK...
CVE-2022-36244
Shop Beat Solutions Pty LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting (XSS) vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za controlpanel.shopbeat.co.za...
CVE-2022-36249
Shop Beat Solutions Pty LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API...
PT-2023-24198 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions 3.0.0 through 3.3.4. Description: Xibo is a content management system (CMS) that has an issue where some API routes print a stack trace when called with missing or invalid parameters, revealing sensitive information about the...
ai.ylyue:yue-library-base (=j11.2.6.2), ai.ylyue:yue-library-data-es (=j11.2.6.2) +3476 more potentially affected by CVE-2023-20883 via org.springframework.boot:spring-boot-autoconfigure (>=2.6.0 <=2.6.14)
org.springframework.boot:spring-boot-autoconfigure MAVEN version =2.6.0, =2.2.53, =0.23.9, =0.1.2, =5.7.0, =5.7.7, =5.7.0, =6.4.7 and more Source cves: CVE-2023-20883 Source advisory: OSV:GHSA-XF96-W227-R7C4...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-synapse-testutils (>=1.65.0.0 <=1.68.0.0) +7 more potentially affected by CVE-2022-39335 via matrix-synapse (>=0.33.9 <=1.68.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2022-39335 Source advisory: OSV:PYSEC-2023-65...
PT-2023-17686 · Unknown · Cloud Foundry
Name of the Vulnerable Software and Affected Versions: Cloud Foundry routing release versions 0.262.0 through 0.266.0. Description: A bug in the gorouter process can cause a denial of service for applications hosted on Cloud Foundry. This occurs when client connections are closed prematurely,...
PT-2023-21818 · Wireshark +2 · Wireshark +2
Name of the Vulnerable Software and Affected Versions: Wireshark versions 3.6.0 through 3.6.13; Wireshark versions 4.0.0 through 4.0.5. Description: The issue is related to a crash in the BLF file parser, which can be exploited to cause a denial of service via a crafted capture file. Recommendation...