Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <=Â 2.2.0 versions.
Category Archives: Advisories
CVE-2022-0010
Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools.
An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes.
This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.
CVE-2020-36694
An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12.
CVE-2021-46888
An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function.
GLSA 202305-28: snakeyaml: Multiple Vulnerabilities
GLSA 202305-27: Tinyproxy: Memory Disclosure
GLSA 202305-26: LibreCAD: Multiple Vulnerabilities
GLSA 202305-25: OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities
GLSA 202305-24: MediaWiki: Multiple Vulnerabilities
DSA-5408 libwebp – security update
Irvan Kurniawan discovered a double free in the libwebp image compression
library which may result in denial of service.