โผ CVE-2023-1855 โผ
๐ Read
via "National Vulnerability Database".
A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-1787 โผ
๐ Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-1782 โผ
๐ Read
via "National Vulnerability Database".
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.๐ Read
via "National Vulnerability Database".
๐2
โผ CVE-2022-31888 โผ
๐ Read
via "National Vulnerability Database".
Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-31889 โผ
๐ Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2023-23981 โผ
๐ Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud Conversational Forms for ChatBot plugin <= 1.1.6 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-25542 โผ
๐ Read
via "National Vulnerability Database".
Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-29416 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-29419 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-29421 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-23982 โผ
๐ Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGear.Pro WPFrom Email plugin <= 1.8.8 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-29415 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-24003 โผ
๐ Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Timersys WP Popups รขโฌโ WordPress Popup plugin <= 2.1.4.8 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-23979 โผ
๐ Read
via "National Vulnerability Database".
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-29420 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3_decode_block.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-24006 โผ
๐ Read
via "National Vulnerability Database".
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Software LLC WP Terms Popup plugin <= 2.6.0 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-23815 โผ
๐ Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Jackson Multi-column Tag Map plugin <= 17.0.24 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-28046 โผ
๐ Read
via "National Vulnerability Database".
Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-23971 โผ
๐ Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin <= 1.1.81 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-24001 โผ
๐ Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.9 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-29418 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read.๐ Read
via "National Vulnerability Database".