🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-25655 ‼

baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch.

via "National Vulnerability Database".
‼ CVE-2023-1612 ‼

A vulnerability, which was classified as critical, was found in Rebuild up to 3.2.3. This affects an unknown part of the file /files/list-file. The manipulation leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223743.

via "National Vulnerability Database".
‼ CVE-2023-1607 ‼

A vulnerability was found in novel-plus 3.6.2. It has been classified as critical. This affects an unknown part of the file /common/sysFile/list. The manipulation of the argument sort leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223737 was assigned to this vulnerability.

via "National Vulnerability Database".
‼ CVE-2023-28330 ‼

Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.

via "National Vulnerability Database".
‼ CVE-2023-25654 ‼

baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch.

via "National Vulnerability Database".
‼ CVE-2023-28332 ‼

If the algebra filter was enabled but not functional (e.g. the necessary binaries were missing from the server), it presented an XSS risk.

via "National Vulnerability Database".
‼ CVE-2023-28611 ‼

Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2.20 allows an attacker to bypass intended access restrictions.

via "National Vulnerability Database".
‼ CVE-2023-26359 ‼

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

via "National Vulnerability Database".
‼ CVE-2023-0590 ‼

A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") is not applied yet, then the kernel could be affected.

via "National Vulnerability Database".
‼ CVE-2023-28336 ‼

Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.

via "National Vulnerability Database".
‼ CVE-2023-1608 ‼

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function getAdminList of the file /api/admin/store/product/list. The manipulation of the argument cateId leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223738 is the identifier assigned to this vulnerability.

via "National Vulnerability Database".
‼ CVE-2022-36413 ‼

Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.

via "National Vulnerability Database".
‼ CVE-2023-1249 ‼

A use-after-free flaw was found in the Linux kernel's core dump subsystem. This flaw allows a local user to crash the system. The kernel could be affected only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") is not applied yet.

via "National Vulnerability Database".
‼ CVE-2023-20861 ‼

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

via "National Vulnerability Database".
‼ CVE-2023-1544 ‼

A flaw was found in the QEMU implementation of VMware's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.

via "National Vulnerability Database".
‼ CVE-2023-28329 ‼

Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).

via "National Vulnerability Database".
‼ CVE-2023-28333 ‼

The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).

via "National Vulnerability Database".
‼ CVE-2023-20859 ‼

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.

via "National Vulnerability Database".
🕴 Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams 🕴

Open source software continues to pose a challenge for companies. With the proper security practices, you can reduce your open source risk and manage it.

via "Dark Reading".
‼ CVE-2023-27034 ‼

PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.

via "National Vulnerability Database".
‼ CVE-2023-24295 ‼

A stack overflow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows attackers to execute arbitrary code after opening a crafted PDF file.

via "National Vulnerability Database".