
4564 matches found

CNNVD
added 2023/04/17 12:0 a.m. · 2 views

Apache IoTDB Authorization Issue Vulnerability

Apache IoTDB is an integrated data management engine for time series data from the Apache Foundation (USA); it provides data collection, storage and analysis services, among other things. An authorization issue vulnerability exists in Apache IoTDB Grafana Connector versions 0.13.0 through...

CVSS 9.8 · AI score 8.3 · EPSS 0.01222
Exploits: 0 · References: 2
vulnersOsv
added 2023/04/13 9:30 p.m. · 7 views

africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-application (>=1.1.0 <=1.2.0) +20168 more potentially affected by CVE-2023-20863 via org.springframework:spring-expression (>=5.3.0 <=5.3.26)

org.springframework:spring-expression MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2023-20863 Source advisory: OSV:GHSA-WXQC-PXW9-G2P8...

CVSS 6.5 · AI score 6.8 · EPSS 0.01122
Exploits: 0
vulnersOsv
added 2023/04/11 6:30 a.m. · 3 views

@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +540 more potentially affected by CVE-2023-26121 via safe-eval (>=0.2.0 <=0.4.1)

safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2023-26121 Source advisory: OSV:GHSA-HCG3-56JF-X4VH...

CVSS 10 · AI score 7.7 · EPSS 0.01111
Exploits: 1
CNNVD
added 2023/04/10 12:0 a.m. · 3 views

Zoho ManageEngine Applications Manager Cross-Site Scripting Vulnerability

ZOHO ManageEngine Applications Manager is a set of IT operation and maintenance management solutions from ZOHO (ZhuoHao), a United States company. The product features application performance management, fault management, report generation, and SLA management. A security vulnerability exists in Zoho...

CVSS 6.1 · AI score 6.3 · EPSS 0.9881
Exploits: 0 · References: 4
RedHat Linux
added 2023/04/05 11:30 p.m. · 2 views

apache-commons-text: variable interpolation RCE

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

CVSS 9.8 · AI score 7.4 · EPSS 0.99931
Exploits: 41 · References: 7
OSV
added 2023/04/05 9:15 p.m. · 0 views

UBUNTU-CVE-2023-0838

An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the URL. This addresses an incomplete fix for CVE-2022-4342...

CVSS 5.5 · AI score 5.8 · EPSS 0.00731
Exploits: 0 · References: 2
vulnersOsv
added 2023/04/05 3:30 p.m. · 3 views

ai.ylyue:yue-library-data-es (=j11.2.6.2), ai.ylyue:yue-library-data-mybatis (=j11.2.6.2) +3132 more potentially affected by CVE-2023-25330 via com.baomidou:mybatis-plus (>=1.2.11 <=3.5.3)

com.baomidou:mybatis-plus MAVEN version =1.2.11, =0.3.0, =0.4.0, =1.0.0, =1.0.0, =3.0.5, =1.7.2, =1.7.2, =1.0.4.R, =1.0.4.R, =1.0.4.R, =1.0.6.R - cc.vihackerframework:vihacker-sharding-starter =1.0.6.R and more Source cves: CVE-2023-25330 Source advisory: OSV:GHSA-32QQ-M9FH-F74W...

CVSS 9.8 · AI score 7.7 · EPSS 0.0121
Exploits: 1
Positive Technologies
added 2023/04/05 12:0 a.m. · 1 views

PT-2023-16330 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.6 through 15.8.4; GitLab versions 15.9 through 15.9.3; GitLab versions 15.10 through 15.10.0. Description: An issue has been discovered in GitLab, allowing for a cross-site scripting (XSS) attack via a malicious email address fo...

CVSS 6.1 · AI score 5.9 · EPSS 0.00642
Exploits: 0 · References: 14
Positive Technologies
added 2023/04/05 12:0 a.m. · 4 views

PT-2023-16279 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 8.1 through 15.8.5; GitLab versions 15.9 through 15.9.4; GitLab versions 15.10 through 15.10.1. Description: An issue has been discovered in GitLab where it was possible to add a branch with an ambiguous name, which could be used...

CVSS 4.6 · AI score 4.2 · EPSS 0.00683
Exploits: 0 · References: 11
Positive Technologies
added 2023/04/05 12:0 a.m. · 3 views

PT-2023-17198 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 11.10 through 15.8.5; GitLab versions 15.9 through 15.9.4; GitLab versions 15.10 through 15.10.1. Description: A denial of service condition exists in the Prometheus server bundled with GitLab. This issue affects various versions...

CVSS 7.5 · AI score 7.2 · EPSS 0.01242
Exploits: 0 · References: 12
OSV
added 2023/04/03 10:15 p.m. · 4 views

AZL-25966 CVE-2023-26916 affecting package libyang for versions less than 2.1.55-1

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c...

CVSS 5.3 · AI score 6 · EPSS 0.00986
Exploits: 0 · References: 1
CNNVD
added 2023/03/30 12:0 a.m. · 25 views

HashiCorp Vault SQL Injection Vulnerability

HashiCorp Vault is a private key access management tool from HashiCorp Inc. in the United States. A SQL injection vulnerability exists in HashiCorp Vault versions 0.8.0 through 1.13.1, which stems from the fact that when configuring the MSSQL plugin locally, certain parameters are not cleaned up...

CVSS 6.7 · AI score 6.6 · EPSS 0.00378
Exploits: 0 · References: 4
CNNVD
added 2023/03/27 12:0 a.m. · 1 views

Apache InLong Code Issue Vulnerability

Apache InLong is the U.S. Apache Foundation's one-stop massive data integration framework. It provides automated, secure and reliable data transfer capabilities. A deserialization vulnerability exists in Apache InLong versions 1.1.0 to 1.5.0. The vulnerability stems from unsafe deserializatio...

CVSS 8.8 · AI score 7.5 · EPSS 0.01475
Exploits: 0 · References: 3
CNNVD
added 2023/03/27 12:0 a.m. · 4 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab versions 1.6.50 to 2.11.0, which ste...

CVSS 5 · AI score 5.2 · EPSS 0.00802
Exploits: 1 · References: 4
Positive Technologies
added 2023/03/27 12:0 a.m. · 5 views

PT-2023-21862 · H2 +2 · H2 +3

Name of the Vulnerable Software and Affected Versions: GoCD versions 20.5.0 through 23.1.0. Description: The issue arises when the server environment is not correctly configured to provide access to the relevant PostgreSQL or MySQL backup tools, potentially leaking database access credentials to...

CVSS 4.4 · AI score 4.6 · EPSS 0.00254
Exploits: 0 · References: 7
vulnersOsv
added 2023/03/26 7:15 p.m. · 1 views

abs-auth-rbac-core (>=0.1.15 <=0.5.4), airdot (>=0.3.0b0 <=0.6.0b0) +48 more potentially affected by CVE-2023-28859 via redis (>=4.5.0 <=4.5.3)

redis PYPI version =4.5.0, =0.1.15, =0.3.0b0, =23.2.9, =1.1.87, =0.0.25, =1.1.0, =1.0.0, =0.13.0, =1.0.0, =0.3.0, =1.1.38, =1.1.50, =1.1.74 and more Source cves: CVE-2023-28859 Source advisory: OSV:PYSEC-2023-46...

CVSS 6.5 · AI score 6.1 · EPSS 0.01034
Exploits: 0
vulnersOsv
added 2023/03/26 7:15 p.m. · 3 views

abs-auth-rbac-core (>=0.1.15 <=0.5.4), airdot (>=0.3.0b0 <=0.6.0b0) +45 more potentially affected by CVE-2023-28858 via redis (>=4.5.0 <=4.5.2)

redis PYPI version =4.5.0, =0.1.15, =0.3.0b0, =23.2.9, =1.1.87, =0.0.25, =1.1.0, =1.0.0, =0.13.0, =1.0.0, =0.3.0, =4.7.0, =4.7.3 and more Source cves: CVE-2023-28858 Source advisory: OSV:PYSEC-2023-45...

CVSS 3.7 · AI score 5.8 · EPSS 0.01018
Exploits: 0
vulnersOsv
added 2023/03/26 12:48 p.m. · 2 views

@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +540 more potentially affected by CVE-2023-26122 via safe-eval (>=0.2.0 <=0.4.1)

safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2023-26122 Source advisory: SNYK:JS-SAFEEVAL-3373064...

CVSS 10 · AI score 7.8 · EPSS 0.02101
Exploits: 1
vulnersOsv
added 2023/03/24 9:54 p.m. · 0 views

a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +607 more potentially affected by CVE-2023-25676 via tensorflow (>=1.0.1 <=2.11.0rc2)

tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =1.1.0, =0.0.1, =0.2.0, =0.3.1, =0.5.1 and more Source cves: CVE-2023-25676 Source advisory: OSV:GHSA-6WFH-89Q8-44JQ...

CVSS 7.5 · AI score 6.5 · EPSS 0.00391
Exploits: 0
CNNVD
added 2023/03/24 12:0 a.m. · 3 views

Faveo Helpdesk SQL Injection Vulnerability

Faveo Helpdesk is an open source ticketing system built by Faveo on the Laravel framework. A security vulnerability exists in Faveo Helpdesk versions 1.0 through 1.11.1, which stems from a controlled parameter passed from the front-end of the login box to the back-end, resulting in an SQL...

CVSS 8.8 · AI score 8.1 · EPSS 0.00805
Exploits: 1 · References: 3