Weekly Vulnerabilities Reports > July 24 to 30, 2023

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution.

Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.

Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.

Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page.

Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.

Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.

Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.

Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.

Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.

Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted HTML page.

Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file.

Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

A buffer overflow issue was addressed with improved memory handling.

A logic issue was addressed with improved restrictions.

Kirby is a content management system.

Cross-Site Request Forgery (CSRF) vulnerability in Wpstream WpStream – Live Streaming, Video on Demand, Pay Per View plugin <= 4.5.4 versions.

The issue was addressed with improved memory handling.

The issue was addressed with improved checks.

The issue was addressed with improved checks.

The issue was addressed with improved memory handling.

HCL BigFix Mobile is vulnerable to a command injection attack.

The issue was addressed with improved checks.

The issue was addressed with improved checks.

Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields.

Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products.

There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. This issue allows unauthenticated nodes to craft radio frames using “Key ID Mode 2”: a special mode using a static encryption key to bypass security checks, resulting in arbitrary IP packets being allowed on the Thread network. This provides a pathway for an attacker to send/receive arbitrary IPv6 packets to devices on the LAN, potentially exploiting them if they lack additional authentication or contain any network vulnerabilities that would normally be mitigated by the home router’s NAT firewall.

In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access

Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP.

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system.

An issue was discovered in Nokia NetAct 22.

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section.

/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF.

Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment.  This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

A logic issue was addressed with improved restrictions.

The issue was addressed with improvements to the file handling protocol.

Tolgee is an open-source localization platform.

An out-of-bounds read was addressed with improved input validation.

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system.

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server.

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server.

Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File

When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.

When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.

An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files.

Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability.

The issue was addressed with improved checks.

The issue was addressed with improved memory handling.

The issue was addressed with improved memory handling.

A use-after-free issue was addressed with improved memory management.

The issue was addressed with improved memory handling.

The issue was addressed with improved memory handling.

The issue was addressed with improved memory handling.

A path handling issue was addressed with improved validation.

The issue was addressed with improved memory handling.

A use-after-free issue was addressed with improved memory management.

A use-after-free issue was addressed with improved memory management.

The issue was addressed with improved checks.

The issue was addressed with improved checks.

AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.

ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.

In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions

On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.

Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels

Cryptomator is data encryption software for users who store their files in the cloud.

Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions.

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU.

Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs.

A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data.

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled.

Tadiran Telecom Aeonix - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Discourse is an open source discussion platform.

A logic issue was addressed with improved validation.

This issue was addressed with improved validation of symlinks.

This issue was addressed by removing the vulnerable code.

An injection issue was addressed with improved input validation.

TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive Information: RSA private key in Update.exe.

Directory traversal vulnerability in Jinfornet Jreport 15.6 allows unauthenticated attackers to gain sensitive information.

Sails is a realtime MVC Framework for Node.js.

DietPi-Dashboard is a web dashboard for the operating system DietPi.

Kirby is a content management system.

The issue was addressed with improved checks.

The issue was addressed with improved checks.

The issue was addressed with improved checks.

Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems.

Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.

A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server.

Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed.

FPE in paddle.trace in PaddlePaddle before 2.5.0.

Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0.

Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission.

A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product.

A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product.

RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/.

Armeria is a microservice framework Spring supports Matrix variables.

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8.

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8.

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8.

Envoy is an open source edge and service proxy designed for cloud-native applications.

Strapi is an open-source headless content management system.

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers

An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage.

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0.  The attacker could bypass the current logic and achieve arbitrary file reading.

A vulnerability classified as critical was found in Campcodes Beauty Salon Management System 1.0.

A vulnerability, which was classified as critical, has been found in Campcodes Beauty Salon Management System 1.0.

A vulnerability was found in Campcodes Beauty Salon Management System 1.0.

A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0.

A vulnerability was found in Campcodes Beauty Salon Management System 1.0.

A vulnerability was found in Campcodes Beauty Salon Management System 1.0.

A vulnerability has been found in Campcodes Beauty Salon Management System 0.1.0 and classified as critical.

A vulnerability was found in Campcodes Beauty Salon Management System 1.0 and classified as critical.

A vulnerability, which was classified as critical, was found in Campcodes Beauty Salon Management System 1.0.

A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)

A vulnerability, which was classified as critical, has been found in Campcodes Beauty Salon Management System 1.0.

A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0.

A vulnerability classified as critical was found in Campcodes Beauty Salon Management System 1.0.

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system.

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server.

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server.

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server.

A flaw was found in Keylime.

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored.

Kirby is a content management system.

Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type -  A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.

Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file.

Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file.

Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file.

Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file.

The issue was addressed with improved memory handling.

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability.

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability.

The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability.

Local user may lead to privilege escalation using Gaia Portal hostnames page.

The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the `txtsearch` parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin.

Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g.

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI.

Strapi is an open-source headless content management system.

A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel.

A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel.

AnaSystem SensMini M4 – Using the configuration tool, an authenticated user can cause Denial of Service for the device

Sysaid - CWE-552: Files or Directories Accessible to External Parties -  Authenticated users may exfiltrate files from the server via an unspecified method.

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome Extension.

Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to read arbitrary files via a malicious file.

Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page.

Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic.

Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Discourse is an open source discussion platform.

A logic issue was addressed with improved state management.

A logic issue was addressed with improved state management.

The issue was addressed with improved checks.

A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server.

POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in.

Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances.

Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php.

The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application.

Directus is a real-time API and App dashboard for managing SQL database content.

TDengine is an open source, time-series database optimized for Internet of Things devices.

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8.

Envoy is an open source edge and service proxy designed for cloud-native applications.

Sentry is an error tracking and performance monitoring platform.

An uncontrolled resource consumption flaw was found in openstack-neutron.

Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors cannot be opened or closed.

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0.

Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.

A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU.

Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page.

A vulnerability was found in AO-OPC server versions mentioned above.

A vulnerability was found in SourceCodester Jewelry Store System 1.0.

A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1.

This issue was addressed with improved checks.

Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books.

A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the website title field.

Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field.

Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.

A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name, leader, and member fields.

Unauth.

Unauth.

Unauth.

Unauth.

Unauth.

Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3.

Unauth.

HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability.

* A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box.

A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name parameter.

Netdisco before v2.063000 was discovered to contain an open redirect vulnerability.

Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval() in the script-src.

A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.

copyparty is file server software.

A vulnerability was found in phpscriptpoint Lawyer 1.6.

TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values.

Thinkific Thinkific Online Course Creation Platform 1.0 is affected by: Cross Site Scripting (XSS).

RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning.

A vulnerability was found in phpscriptpoint Lawyer 1.6 and classified as problematic.

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack. Upgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher.

In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible

Unauth.

Unauth.

Unauth.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cththemes Balkon plugin <= 1.3.2 versions.

Unauth.

Unauth.

A vulnerability classified as problematic has been found in Campcodes Beauty Salon Management System 1.0.

A vulnerability was found in Campcodes Beauty Salon Management System 1.0.

A vulnerability was found in Campcodes Beauty Salon Management System 1.0.

A vulnerability was found in Campcodes Beauty Salon Management System 1.0.

A vulnerability was found in Campcodes Beauty Salon Management System 1.0 and classified as problematic.

A vulnerability, which was classified as problematic, was found in Campcodes Beauty Salon Management System 1.0.

A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 and classified as problematic.

A cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

A cross-site scripting (XSS) vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter.

The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability.

A vulnerability was found in phpscriptpoint Insurance 1.2.

A vulnerability was found in phpscriptpoint Insurance 1.2.

A vulnerability has been found in phpscriptpoint Car Listing 1.6 and classified as problematic.

A vulnerability, which was classified as problematic, has been found in phpscriptpoint Ecommerce 1.15.

A vulnerability, which was classified as problematic, was found in phpscriptpoint Ecommerce 1.15.

A vulnerability classified as problematic was found in phpscriptpoint JobSeeker 1.5.

This issue was addressed by using HTTPS when sending information over the network.

Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation Runtime <G4.93 allows unauthenticated network-based attackers to cause permanent denial-of-service conditions.

Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file.

The issue was addressed with improved checks.

A logic issue was addressed with improved restrictions.

The issue was addressed with improved checks.

An access issue was addressed with improved access restrictions.

The issue was addressed with improved checks.

A logic issue was addressed with improved restrictions.

The issue was addressed with improved checks.

A logic issue was addressed with improved checks.

A permissions issue was addressed with additional restrictions.

The issue was addressed with additional permissions checks.

This issue was addressed with improved data protection.

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions.

This issue was addressed with improved state management.

Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file.

A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to cause a Denial of Service (DoS) via a crafted text file.

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.

Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE).

A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h.

Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Discourse is an open source discussion platform.

Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.

Kirby is a content management system.

Auth.

A vulnerability, which was classified as problematic, has been found in GZ Scripts Availability Booking Calendar PHP 1.0.

A vulnerability, which was classified as problematic, was found in GZ Scripts Availability Booking Calendar PHP 1.0.

HCL BigFix Mobile is vulnerable to a cross-site scripting attack.

An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file.

An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17.

Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents.

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account.

Cal.com is open-source scheduling software.

DataEase is an open source data visualization analysis tool.

Contao is an open source content management system.

Tuleap is a free and open source suite to improve management of software development and collaboration.

Auth.

Auth.

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system.

A flaw was found in the Quay registry.

An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section.

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section.

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers.

Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy

A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks.

Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it.

A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags.

The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1.

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM).

TYPO3 is an open source PHP based web content management system.

Envoy is an open source edge and service proxy designed for cloud-native applications.

Username enumeration is possible through Bypassing CAPTCHA in On-premise SureMDM Solution on Windows deployment allows attacker to enumerate local user information via error message. This issue affects SureMDM On-premise: 6.31 and below version 

An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack.

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel.

A flaw was found in libvirt.

An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service.

Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2.

Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability.

Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php.

Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php.

A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic.

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.

Auth.

Auth.

Netdisco before v2.063000 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Web/TypeAhead.pm.

Auth.

The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

The Auto Location for WP Job Manager via Google WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin.

A vulnerability was found in Travelmate Travelable Trek Management Solution 1.0.

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem).

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem).

An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel.

Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page.

Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators.

Discourse is an open source discussion platform.

Discourse is an open source discussion platform.

An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization.

An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35.

A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel.

Apptainer is an open source container platform.

Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic.

Discourse is an open source discussion platform.

Crossplane is a framework for building cloud native control planes without needing to write code.

REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.