All Posts by: Prophy Insights

Description wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime’s code generator, Cranelift, has a bug

Description XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected

Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in MedData Informatics MedDataPACS.This issue affects

Description Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do

Description XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it’s possible to inject arbitrary wiki

Description Improper Authentication vulnerability in ABB Symphony Plus S+ Operations allows Man in the Middle Attack. This issue affects Symphony

Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish

Description The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could

Description In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid. References https://lkml.org/lkml/2023/2/22/3 For

Description Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion. This issue affects COSLAT Firewall: from

Description An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if

Description A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended

Description Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the

Description IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on

Description A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7,

Description Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass. References https://www.gov.il/en/Departments/faq/cve_advisories For More Information

Description Windows iSCSI Discovery Service Remote Code Execution Vulnerability. References https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21803 For More Information MITRE

Description Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a

Description Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and

Description Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user

Description Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary

Description An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users

Description Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html,

Description A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2