Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applica ...
Continue Reading
August 22, 2023
Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS. Application does not have a check on the URL scheme used while retrieving API URL. Rather than validating the http/https ...
Continue Reading
August 22, 2023
A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take adv ...
Continue Reading
August 22, 2023
Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy pri ...
Continue Reading
August 22, 2023
### Impact This may impact users that use Shescape on Windows in a threaded context (e.g. using [Worker threads](https://nodejs.org/api/worker_threads.html)). The vulnerability can result in Shescape ...
Continue Reading
August 22, 2023
### Impact This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as [ ...
Continue Reading
August 22, 2023
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due t ...
Continue Reading
August 22, 2023
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods t ...
Continue Reading
August 22, 2023
Back to Main
