In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O...
In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing...
The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function...
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This...
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact’s first or last name and triggered when viewing a contact’s details page then clicking on the action drop down...
Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "error_related_to" parameters of the POST request of the bounce management...
For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic’s password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker...
A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1;...
A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator. Date published : 2021-08-30 ZenTao CMS – A Monkey’s journey...
A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job. Date published : 2021-08-30 ZenTao CMS – A Monkey’s...
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System. Date published : 2021-08-30 ZenTao CMS – A...
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. Date published : 2021-08-30 https://puppet.com/security/cve/CVE-2021-27020
PuppetDB logging included potentially sensitive system information. Date published : 2021-08-30 https://puppet.com/security/cve/CVE-2021-27019
The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are...