βΌ CVE-2023-31140 βΌ
π Read
via "National Vulnerability Database".
OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication (2FA) device for an account, existing logged in sessions for that user account are not terminated. Likewise, if an administrators creates a mobile phone 2FA device on behalf of a user, their existing sessions are not terminated. The issue has been resolved in OpenProject version 12.5.4 by actively terminating sessions of user accounts having registered and confirmed a 2FA device. As a workaround, users who register the first 2FA device on their account can manually log out to terminate all other active sessions. This is the default behavior of OpenProject but might be disabled through a configuration option. Double check that this option is not overridden if one plans to employ the workaround.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27963 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. A shortcut may be able to use sensitive data with certain actions without prompting the userπ Read
via "National Vulnerability Database".
βΌ CVE-2023-23541 βΌ
π Read
via "National Vulnerability Database".
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a userΓ’β¬β’s contactsπ Read
via "National Vulnerability Database".
βΌ CVE-2023-27960 βΌ
π Read
via "National Vulnerability Database".
This issue was addressed by removing the vulnerable code. This issue is fixed in GarageBand for macOS 10.4.8. An app may be able to gain elevated privileges during the installation of GarageBandπ Read
via "National Vulnerability Database".
βΌ CVE-2023-2478 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23536 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privilegesπ Read
via "National Vulnerability Database".
βΌ CVE-2023-2513 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46719 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23523 βΌ
π Read
via "National Vulnerability Database".
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookupπ Read
via "National Vulnerability Database".
βΌ CVE-2023-27959 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privilegesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-42794 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30334 βΌ
π Read
via "National Vulnerability Database".
AsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32233 βΌ
π Read
via "National Vulnerability Database".
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31133 βΌ
π Read
via "National Vulnerability Database".
Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack.Ghost(Pro) has already been patched. Maintainers can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running Ghost a version below v5.46.1. v5.46.1 contains a fix for this issue. As a workaround, add a block for requests to `/ghost/api/content/*` where the `filter` query parameter contains `password` or `email`.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32809 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32808 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31183 βΌ
π Read
via "National Vulnerability Database".
Cybonet PineApp Mail SecureΓ A reflected cross-site scripting (XSS) vulnerability was identified in the product, using an unspecified endpoint.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46728 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27953 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memoryπ Read
via "National Vulnerability Database".
βΌ CVE-2022-32822 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27952 βΌ
π Read
via "National Vulnerability Database".
A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checksπ Read
via "National Vulnerability Database".