CVE-2022-39365 : PIMCORE UP TO 10.5.8 TWIG TEMPLATE CODE INJECTION

Description

Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the user controlled twig templates rendering in `Pimcore/Mail` & `ClassDefinition\Layout\Text` is vulnerable to server-side template injection, which could lead to remote code execution. Version 10.5.9 contains a patch for this issue. As a workaround, one may apply the patch manually.

References

https://github.com/pimcore/pimcore/security/advisories/GHSA-5qxq-vgmm-q39m

https://github.com/pimcore/pimcore/commit/43aa34e018f5cd447bceb864358285ba92f68372

https://github.com/pimcore/pimcore/pull/13347

https://github.com/pimcore/pimcore/pull/13347.patch

For More Information

MITRE

Contact us to get started

CVE-2023-32460 : DELL POWEREDGE PLATFORM PRIOR 2.20.1 BIOS MISSING AUTHENTICATION

Description Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability,

Learn more

CVE-2023-6514 : HUAWEI AJMD-370S 103.1.0.110(SP12C00E2R1P2) BLUETOOTH MODULE LOGIC ERROR

Description The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this

Learn more

CVE-2023-22523 : ATLASSIAN ASSETS DISCOVERY CLOUD ASSETS DISCOVERY AGENT REMOTE CODE EXECUTION

Description This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets

Learn more