CVE-2023-1305
An authenticated attacker can leverage an exposed “boxâ€� object to read and write arbitrary files from disk, provided those files can be parsed as yaml…
An authenticated attacker can leverage an exposed “boxâ€� object to read and write arbitrary files from disk, provided those files can be parsed as yaml…
An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution.…
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password…
An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism. Zafiyet ile ilgili Genel…
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability…
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability…
x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions…
x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run…
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection.This issue…
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pacsrapor allows Reflected XSS.This issue affects Pacsrapor: before 1.22. Zafiyet ile ilgili Genel…