🚨 CVE-2022-33166
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586.
@cveNotify
IBM
Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues
Multiple Security Vulnerabilities in the IBM Security Directory Suite have been addressed by code updates and updating the relevant components.
🚨 CVE-2022-32757
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 228510.
@cveNotify
IBM
Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues
Multiple Security Vulnerabilities in the IBM Security Directory Suite have been addressed by code updates and updating the relevant components.
🚨 CVE-2022-32752
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 228439.
@cveNotify
IBM
Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues
Multiple Security Vulnerabilities in the IBM Security Directory Suite have been addressed by code updates and updating the relevant components.
🚨 CVE-2023-34239
Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering, Gradio does not properly restrict file access to users. Additionally, Gradio does not properly restrict what URLs are proxied. These issues have been addressed in version 3.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
@cveNotify
GitHub
Prevent path traversal in `/file` routes by abidlabs · Pull Request #4370 · gradio-app/gradio
Prevents path traversal in /file routes
Internal discussion here
🚨 CVE-2023-34364
A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code.
@cveNotify
🚨 CVE-2023-0342
MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12.
@cveNotify
🚨 CVE-2023-34855
A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi.
@cveNotify
GitHub
Stored Cross-Site Scripting (XSS) Vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd. AC Centralized Management Platform…
🚨 CVE-2019-6502
sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.
@cveNotify
GitHub
Memory leak · Issue #1586 · OpenSC/OpenSC
Hi Team, I have build this repo using clang via ASAN, a memory leak was detected in eidenv.c ASAN ==32025==ERROR: LeakSanitizer: detected memory leaks Direct leak of 632 byte(s) in 1 object(s) allo...
🚨 CVE-2021-42782
Stack buffer overflow issues were found in OpenSC before version 0.22.0 in various places that could potentially crash programs using the library.
@cveNotify
GitHub
cardos: Correctly calculate the left bytes to avoid buffer overrun · OpenSC/OpenSC@1252aca
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29912
🚨 CVE-2021-42781
Heap buffer overflow issues were found in OpenSC before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.
@cveNotify
🚨 CVE-2021-42780
A use after return issue was found in OpenSC before version 0.22.0 in the insert_pin function that could potentially crash programs using the library.
@cveNotify
🚨 CVE-2021-42779
A heap use after free issue was found in OpenSC before version 0.22.0 in sc_file_valid.
@cveNotify
🚨 CVE-2023-2977
A vulnerability was found in OpenSC. This security flaw causes a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly calculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.
@cveNotify
GitHub
Possible buffer overrun vulnerability in pkcs15 `cardos_have_verifyrc_package` · Issue #2785 · OpenSC/OpenSC
Problem Description On reviewing historical CVE vulnerabilities, I found a possible recurring vulnerability as CVE-2021-42782, which was reported by oss-fuzz and fixed in commit 1252aca. The newly ...
🚨 CVE-2023-0457
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and log in to the FTP server or Web server.
@cveNotify
jvn.jp
JVNVU#93891523: Plaintext storage of authentication information vulnerability in Mitsubishi Electric MELSEC series
Japan Vulnerability Notes
🚨 CVE-2022-25883
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
@cveNotify
GitHub
fix: better handling of whitespace (#564) · npm/node-semver@717534e
The semver parser for node (the one npm uses).
🚨 CVE-2023-3339
A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file exam-delete.php. The manipulation of the argument test_id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232015.
@cveNotify
🚨 CVE-2023-34340
Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo.
This issue affects Apache Accumulo: 2.1.0.
Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided. Users are advised to upgrade to 2.1.1.
@cveNotify
🚨 CVE-2023-34981
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request, leading to an information leak.
@cveNotify
🚨 CVE-2023-34363
An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses an insecure random number generator to generate the private key. It is possible for a well-placed attacker to predict the output of this random number generator, which could lead to an attacker decrypting traffic between the driver and the database server. The vulnerability does not exist if SSL / TLS encryption is used.
@cveNotify
🚨 CVE-2023-21108
In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L, Android-13. Android ID: A-239414876.
@cveNotify
🚨 CVE-2023-21105
In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L, Android-13. Android ID: A-261036568.
@cveNotify