August 2023 – Page 201 – WindowsTechs.com

CVE-2023-30078 (libeconf)

Posted on August 22, 2023 by National Vulnerability Database

A stack overflow vulnerability exists in function econf_writeFile in file atlibeconf/lib/libeconf.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code. Continue reading CVE-2023-30078 (libeconf)→

CVE-2023-30079 (libeconf)

Posted on August 22, 2023 by National Vulnerability Database

A stack overflow vulnerability exists in function read_file in atlibeconf/lib/getfilecontents.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code. Continue reading CVE-2023-30079 (libeconf)→

CVE-2023-36281 (langchain)

Posted on August 22, 2023 by National Vulnerability Database

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via the via the a json file to the load_prompt parameter. Continue reading CVE-2023-36281 (langchain)→

CVE-2023-24517 (pandora_fms)

Posted on August 22, 2023 by National Vulnerability Database

Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS… Continue reading CVE-2023-24517 (pandora_fms)→

CVE-2023-24516 (pandora_fms)

Posted on August 22, 2023 by National Vulnerability Database

Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction. This issue affects Pandora FMS v767 version and prior… Continue reading CVE-2023-24516 (pandora_fms)→

CVE-2023-24515 (pandora_fms)

Posted on August 22, 2023 by National Vulnerability Database

Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS. Application does not have a check on the URL scheme used while retrieving API URL. Rather than validating the http/https scheme, the application allows other scheme such as… Continue reading CVE-2023-24515 (pandora_fms)→

CVE-2023-24514 (pandora_fms)

Posted on August 22, 2023 by National Vulnerability Database

Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc. This issue affects Pandora FMS v767 version and prior versions on all platforms. Continue reading CVE-2023-24514 (pandora_fms)→

CVE-2022-48566 (active_iq_unified_manager, converged_systems_advisor_agent, debian_linux, python)

Posted on August 22, 2023 by National Vulnerability Database

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. Continue reading CVE-2022-48566 (active_iq_unified_manager, converged_systems_advisor_agent, debian_linux, python)→

CVE-2022-48566 (debian_linux, python)

Posted on August 22, 2023 by National Vulnerability Database

CVE-2022-48565 (debian_linux, python)

Posted on August 22, 2023 by National Vulnerability Database

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. Continue reading CVE-2022-48565 (debian_linux, python)→