
Tag

#pdf

Red Hat Security Advisory 2023-5789-01

Red Hat Security Advisory 2023-5789-01 - Python-reportlab is a library used for generation of PDF documents. Issues addressed include a code execution vulnerability.

Packet Storm

Red Hat Security Advisory 2023-5788-01

Red Hat Security Advisory 2023-5788-01 - Python-reportlab is a library used for generation of PDF documents. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5787-01

Red Hat Security Advisory 2023-5787-01 - Python-reportlab is a library used for generation of PDF documents. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5786-01

Red Hat Security Advisory 2023-5786-01 - Python-reportlab is a library used for generation of PDF documents. Issues addressed include a code execution vulnerability.

CVE-2023-45727: Notice: [Urgent] Attacks exploiting the Proself zero-day vulnerability (CVE-2023-45727) (updated) / Proself online storage construction package

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.

CVE-2023-5632: 100% CPU usage in case the client doesn't send data - bug fix by przemyslawzygmunt · Pull Request #2053 · eclipse/mosquitto

In Eclipse Mosquitto before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results in excessive CPU consumption. A malicious actor could use this to perform a denial-of-service attack. This issue is fixed in 2.0.6.

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-41629: CVE-Advisory/CVE-2023-41629-eSST-Path-Traversal.pdf at main · post-cyberlabs/CVE-Advisory

A lack of input sanitizing in the file download feature of eSST Monitoring v2.147.1 allows attackers to execute a path traversal.

CVE-2023-41630: CVE-Advisory/CVE-2023-41630-eSST-Preauth-RCE.pdf at main · post-cyberlabs/CVE-Advisory

eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the Gii code generator component.

CVE-2023-41631: CVE-Advisory/CVE-2023-41631-eSST-RCE.pdf at main · post-cyberlabs/CVE-Advisory

eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the file upload function.