‼ CVE-2023-34244 ‼
GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade to version 10.0.8 to receive a patch.
via "National Vulnerability Database".
‼ CVE-2023-34654 ‼
taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).
via "National Vulnerability Database".
‼ CVE-2023-30207 ‼
A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via use of a crafted mp3 file.
via "National Vulnerability Database".
‼ CVE-2023-36622 ‼
The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter.
via "National Vulnerability Database".
‼ CVE-2023-27199 ‼
PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks.
via "National Vulnerability Database".
‼ CVE-2023-36623 ‼
The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges.
via "National Vulnerability Database".
‼ CVE-2023-35924 ‼
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory.
via "National Vulnerability Database".
‼ CVE-2023-34457 ‼
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a `<input type="file" ...>` inside an HTML form. All users of MechanicalSoup's form submission are affected, unless they took very specific (and manual) steps to reset HTML form field values. Version 1.3.0 contains a patch for this issue.
via "National Vulnerability Database".
‼ CVE-2023-34107 ‼
GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user, which allows access to view all KnowbaseItems. Version 10.0.8 has a patch for this issue.
via "National Vulnerability Database".
‼ CVE-2023-30670 ‼
Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
via "National Vulnerability Database".
‼ CVE-2023-3521 ‼
Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4.
via "National Vulnerability Database".
‼ CVE-2023-30645 ‼
Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
via "National Vulnerability Database".
‼ CVE-2023-30659 ‼
Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
via "National Vulnerability Database".
‼ CVE-2023-27225 ‼
A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field.
via "National Vulnerability Database".
‼ CVE-2023-30641 ‼
Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows physical attacker to use restricted user profile to access device owner's google account data.
via "National Vulnerability Database".
‼ CVE-2023-30666 ‼
Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.
via "National Vulnerability Database".
‼ CVE-2023-30663 ‼
Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.
via "National Vulnerability Database".
‼ CVE-2023-30652 ‼
Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
via "National Vulnerability Database".
‼ CVE-2023-30673 ‼
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.23052_1 allows local attackers to delete arbitrary directory using directory junction.
via "National Vulnerability Database".
‼ CVE-2023-24256 ‼
An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal.
via "National Vulnerability Database".
‼ CVE-2023-30669 ‼
Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
via "National Vulnerability Database".