Category: CVSS3 - MEDIUM
Cross-site Scripting (XSS)

opentsdb is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the insufficient validation of parameters reflected in error messages in the `internalError` and `badRequest` func ...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : maven and recommended update for antlr3, minlog, sbt, xmvn (SUSE-SU-2023:2097-1)

The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2097-1 advisory. - In logback version 1.2.7 and ...

Microsoft Remote Desktop App Information Disclosure (May 2023)

The Microsoft Remote Desktop Windows Store App installed on the remote host is prior to 10.2.3006.0. It is, therefore, affected by an information disclosure vulnerability. When a Microsoft Remote Des ...

CVE-2023-25833

There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbi ...

CVE-2023-25831

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could ...

CVE-2023-25832

There is a cross-site request forgery vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions.

CVE-2023-25829

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary w ...

CVE-2023-25830

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could ...

CVE-2023-29106

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 ...

CVE-2023-31485

GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.
