74 matches found

Debian CVE
added 2025/02/05 9:46 a.m. · 13 views

CVE-2024-1539

Removed by vendor...

CVSS 5.3 · AI score 5.8 · EPSS 0.00043
Exploits: 0
RedhatCVE
added 2025/02/05 5:15 a.m. · 5 views

CVE-2024-1403

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and...

CVSS 10 · AI score 7.2 · EPSS 0.16243
Exploits: 1 · References: 1
OSV
added 2025/01/14 7:18 p.m. · 9 views

BIT-PHP-MIN-2024-8932 OOB access in ldap_escape

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to the ldap_escape function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write...

CVSS 9.8 · AI score 7.8 · EPSS 0.00347
Exploits: 0 · References: 4
Positive Technologies
added 2024/07/22 12:0 a.m. · 1 views

PT-2024-5127 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.11.6; Argo CD versions prior to 2.10.15; Argo CD versions prior to 2.9.20. Description: The issue is related to an unauthenticated attacker sending a specially crafted large JSON payload to the "/api/webhook" endpoint...

CVSS 8.7 · AI score 9.5 · EPSS 0.02608
Exploits: 1 · References: 13
OSV
added 2023/08/11 6:15 a.m. · 1 views

AZL-27962 CVE-2023-3823 affecting package php for versions less than 8.1.22-1

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...

CVSS 7.5 · AI score 6.6 · EPSS 0.00604
Exploits: 1 · References: 1
Metasploit
added 2023/08/03 7:50 p.m. · 356 views

Citrix ADC (NetScaler) Forms SSO Target RCE

A vulnerability exists within Citrix ADC that allows an unauthenticated attacker to trigger a stack buffer overflow of the nsppe process by making a specially crafted HTTP GET request. Successful exploitation results in remote code execution as root. Module Options msf use...

CVSS 9.8 · AI score 9.6 · EPSS 0.93477
Exploits: 16
OSV
added 2023/07/11 10:15 a.m. · 1 views

CVE-2023-37374

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 All versions V2201.0008, Tecnomatix Plant Simulation V2302 All versions V2302.0002. The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted STP files. This could allow an attacke...

CVSS 7.8 · AI score 7.8
Exploits: 0 · References: 1
Positive Technologies
added 2023/05/25 12:0 a.m. · 1 views

PT-2023-22006 · Unknown · Cbot Chatbot

Name of the Vulnerable Software and Affected Versions: CBOT Chatbot versions prior to Core: v4.0.3.4; CBOT Chatbot versions prior to Panel: v4.0.3.7. Description: The issue is related to the improper enforcement of message integrity during transmission in a communication channel, allowing an...

CVSS 8.1 · AI score 7.8 · EPSS 0.00146
Exploits: 0 · References: 6
Vulnrichment
added 2023/05/03 12:0 a.m. · 7 views

CVE-2023-1965

An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access toke...

CVSS 6.8 · AI score 6.5 · EPSS 0.00226
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 4:13 a.m. · 1 views

SUSE CVE-2019-11045

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

CVSS 5.3 · AI score 9.3 · EPSS 0.41483
Exploits: 1 · References: 10
Prion
added 2023/01/10 12:15 p.m. · 17 views

Cross site scripting

A vulnerability has been identified in Mendix SAML Mendix 8 compatible All versions = V2.3.0 = V3.3.0 = V3.3.0 V3.3.8. The affected module is vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a...

CVSS 5.8 · AI score 5.8 · EPSS 0.00702
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2022/09/27 12:0 a.m. · 3 views

PT-2022-25407 · Wazuh · Wazuh

Name of the Vulnerable Software and Affected Versions: Wazuh versions 3.6.1 through 3.13.5; Wazuh versions 4.0.0 through 4.2.7; Wazuh versions 4.3.0 through 4.3.7. Description: The issue is an authenticated remote code execution (RCE) vulnerability. It can be exploited via the Active Response endpoint...

CVSS 8.8 · AI score 8.8 · EPSS 0.02302
Exploits: 0 · References: 7
Positive Technologies
added 2022/02/03 12:0 a.m. · 1 views

PT-2022-15065 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0; TensorFlow versions 2.7.1 and earlier; TensorFlow versions 2.6.3 and earlier; TensorFlow versions 2.5.3 and earlier. Description: The implementation of Dequantize does not fully validate the value of axis and c...

CVSS 8.8 · AI score 8.5 · EPSS 0.00291
Exploits: 1 · References: 13
OSV
added 2022/01/22 2:15 a.m. · 1 views

DEBIAN-CVE-2022-23807

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances...

CVSS 4.3 · AI score 5 · EPSS 0.00146
Exploits: 0 · References: 1
OSV
added 2021/11/19 4:15 a.m. · 2 views

DEBIAN-CVE-2021-44025

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message...

CVSS 6.1 · AI score 6.9 · EPSS 0.00629
Exploits: 0 · References: 1
OSV
added 2021/09/14 12:15 p.m. · 0 views

CVE-2021-38162

SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may,...

CVSS 9.4 · AI score 7.3
Exploits: 0 · References: 4
OSV
added 2021/06/04 7:41 p.m. · 6 views

UVI-2021-1000576 cxgb4: avoid accessing registers when clearing filters

cxgb4: avoid accessing registers when clearing filters This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.42 by commit...

AI score 7.2
Exploits: 0
OSV
added 2021/03/05 11:2 a.m. · 2 views

OESA-2021-1065 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVSS 6.5 · AI score 6.7 · EPSS 0.26088
Exploits: 1 · References: 3
Prion
added 2020/12/24 4:15 p.m. · 12 views

Code injection

On versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when a BIG-IP APM virtual server processes traffic of an undisclosed nature, the Traffic Management Microkernel (TMM) stops responding and restarts...

CVSS 7.8 · AI score 7.5 · EPSS 0.00611
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2020/02/07 3:15 p.m. · 2 views

DEBIAN-CVE-2019-15604

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate...

CVSS 7.5 · AI score 7.5 · EPSS 0.03533
Exploits: 1 · References: 1