🚨 CVE-2023-27476
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. This issue has been addressed in version 0.28.1. All users are advised to upgrade. The only known workaround is to patch the library manually. See `GHSA-8h9c-r582-mggc` for details.
@cveNotify
GitHub
XML External Entity (XXE) Injection in OWSLib
### Impact
OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution for `lxml`, and could lead to arbitrary file reads from an attacker-controlled ...
🚨 CVE-2023-36663
it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface.
GitHub
ITC-3017 by nook24 · Pull Request #1519 · it-novum/openITCOCKPIT
openITCOCKPIT is an Open Source system monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. - ITC-3017 by nook24 · Pull Request #1519 · it-novum/openITCOCKPIT
🚨 CVE-2023-36664
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
🚨 CVE-2023-36660
The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.
🚨 CVE-2023-36666
INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected.
GitHub
Comparing v6.3.0...v6.3.1 · inex/IXP-Manager
Full stack web application powering peering at over 200 Internet Exchange Points (IXPs) globally. - Comparing v6.3.0...v6.3.1 · inex/IXP-Manager
🚨 CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)
🚨 CVE-2023-36675
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.
🚨 CVE-2023-36662
The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. This affects User Management for Jira 2.0.0 through 2.17.1, User Management for Confluence 2.0.0 through 2.15.24, and User Management for Bitbucket 2.2.2 through 2.15.24.
techtime.co.nz
Atlassian Partner, Wellington - Security Vulnerability Affecting User Management
A stored XSS vulnerability was discovered in User Management versions between 2.0.0 and 2.17.1
🚨 CVE-2023-27116
WebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleType.
GitHub
Aborted in CWriter::MangleType at wasm2c · Issue #1984 · WebAssembly/wabt
Title Aborted in CWriter::MangleType at wasm2c Environment OS : Linux ubuntu 5.15.0-46-generic #49~20.04.1-Ubuntu SMP Thu Aug 4 19:15:44 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux Commit : 3054d61f703...
🚨 CVE-2023-30300
An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop.
GitHub
wasm2c hangs on certain inputs and cannot finish execution for a while. · Issue #2180 · WebAssembly/wabt
Describe the bug Certain hang.wasm causes wasm2c an infinite loop. wasm2c tries to access a memory that is not permitted instead of providing type mismatch error for a while. wasm2c --version: 1.0....
🚨 CVE-2023-31669
WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").
GitHub
'@' before a quote (") causes a libc++abi.dylib crash using wat2wasm. · Issue #2165 · WebAssembly/wabt
Describe the bug '@' before a quote (") causes a libc++abi.dylib crash while converting ".wat" format into ".wasm" format using wat2wasm. wat2wasm --version: 1.0.32...
🚨 CVE-2023-36631
** DISPUTED ** Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password."
🚨 CVE-2023-2778
A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentially crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The application would need to be restarted to recover from the DoS.
🚨 CVE-2023-2827
SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send service requests to PCo or the Production Connector, which could have an impact on the integrity of the integration with SAP Digital Manufacturing.
🚨 CVE-2021-26637
There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device.
🚨 CVE-2021-3433
Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp
GitHub
BT: Invalid channel map in CONNECT_IND results to Deadlock
### Impact
BT: Invalid channel map in CONNECT_IND results to Deadlock
### Patches
This has been fixed in:
- main #33278
- v2.5: #33369
- v1.14: TBD
### For more information
If you have ...
🚨 CVE-2021-40336
A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an attacker to channel down harmful code into the user’s web browser, such as to steal the session cookies. Thus, an attacker who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., the link is sent per E-Mail, could trick the user into downloading malicious software onto his computer. This issue affects: Hitachi Energy MSM V2.2 and prior versions.
🚨 CVE-2023-34157
Vulnerability of HwWatchHealth being hijacked. Successful exploitation of this vulnerability may cause repeated pop-up windows of the app.
🚨 CVE-2023-34154
Vulnerability of undefined permissions in HUAWEI VR screen projection. Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources.
🚨 CVE-2023-36301
Talend Data Catalog before 8.0-20230221 contains a directory traversal vulnerability in HeaderImageServlet.
Talend
CVE information for Talend Products
This document describes the CVE issues that were observed and corrected on Talend products. It is updated every time a CVE is found and fixed. Important: For more recent security updates, see the Trust Center Updates section on Talend Security Portal. Subscribe…
🚨 CVE-2020-23065
Cross Site Scripting vulnerability in eZ Systems AS eZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf.