π¨ CVE-2022-23614
Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade.
π@cveNotify
Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade.
π@cveNotify
GitHub
Disallow non closures in `sort` filter when the sanbox mode is enabled Β· twigphp/Twig@2eb3308
Twig, the flexible, fast, and secure template language for PHP - Disallow non closures in `sort` filter when the sanbox mode is enabled Β· twigphp/Twig@2eb3308
π¨ CVE-2022-23591
Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
π@cveNotify
Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
π@cveNotify
GitHub
Prevent stack overflow when FunctionLib in GraphDef has a self-recurs⦠· tensorflow/tensorflow@448a161
β¦ive function.
It is likely that no recursivity is supported, but we should handle this separately.
PiperOrigin-RevId: 414860329
Change-Id: I02a2270e86282b37362ddd485eeef16fb986a9e0
It is likely that no recursivity is supported, but we should handle this separately.
PiperOrigin-RevId: 414860329
Change-Id: I02a2270e86282b37362ddd485eeef16fb986a9e0
π¨ CVE-2022-23547
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.
π@cveNotify
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.
π@cveNotify
GitHub
Heap buffer overflow when decoding STUN message (2)
This is a continuation of https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w.
### Impact
Possible buffer overread when parsing a specially crafted STUN message. The vuln...
### Impact
Possible buffer overread when parsing a specially crafted STUN message. The vuln...
π¨ CVE-2022-45378
** UNSUPPPORTED WHEN ASSIGNED **In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
** UNSUPPPORTED WHEN ASSIGNED **In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
π¨ CVE-2022-45143
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
π@cveNotify
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
π@cveNotify
π¨ CVE-2022-45097
Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.
π@cveNotify
Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.
π@cveNotify
π¨ CVE-2022-23620
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML export process to contain reference elements containing filesystem syntax like "../", "./". or "/" in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export.
π@cveNotify
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML export process to contain reference elements containing filesystem syntax like "../", "./". or "/" in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export.
π@cveNotify
GitHub
It's possible to save pretty much anything anywhere by creating and using an SSX/JSX containing "../" in its reference
### Impact
AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document reference when serializing it on filesystem, so it's easy to mess up the HTML export p...
AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document reference when serializing it on filesystem, so it's easy to mess up the HTML export p...
π¨ CVE-2022-23724
Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials.
π@cveNotify
Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials.
π@cveNotify
Pingidentity
PingID integration for Windows login 2.4.2 (August 25, 2020) - PingID
Page created: 11 Aug 2020 | Page updated: 21 May 2023 | 3 min read PingId Product Enhancements PingID integration for Windows login through PingFederate Streamline your organization's Windows login experience with PingFederateβs cross organization authenticationβ¦
π¨ CVE-2023-2401
The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
π@cveNotify
The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
π@cveNotify
WPScan
Qubotchat < 1.1.6 β Admin+ Stored XSS
See details on Qubotchat < 1.1.6 β Admin+ Stored XSS CVE 2023-2401. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2023-2527
The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
WPScan
Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.4 - Admin+ SQLi
See details on Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.4 - Admin+ SQLi CVE 2023-2527. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2023-2654
The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
π@cveNotify
The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
π@cveNotify
WPScan
Conditional Menus < 1.2.1 - Reflected XSS
See details on Conditional Menus < 1.2.1 - Reflected XSS CVE 2023-2654. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2023-2600
The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
WPScan
Custom Base Terms < 1.0.3 - Admin+ Stored XSS
See details on the Custom Base Terms < 1.0.3 - Admin+ Stored XSS. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2023-2684
The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
WPScan
File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting
See details on the File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2023-2719
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.
π@cveNotify
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.
π@cveNotify
WPScan
SupportCandy < 3.1.7 - Subscriber+ SQLi
See details on SupportCandy < 3.1.7 - Subscriber+ SQLi CVE 2023-2719. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2023-2742
The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
π@cveNotify
The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
π@cveNotify
WPScan
AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting
See details on AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting CVE 2023-2742. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2023-2751
The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.
π@cveNotify
The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.
π@cveNotify
WPScan
Upload Resume <= 1.2.0 - Captcha Bypass
See details on Upload Resume <= 1.2.0 - Captcha Bypass CVE 2023-2751. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2022-48491
Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.
π@cveNotify
Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.
π@cveNotify
π¨ CVE-2023-27940
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections
π@cveNotify
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections
π@cveNotify
Apple Support
About the security content of macOS Monterey 12.6.6
This document describes the security content of macOS Monterey 12.6.6.
π¨ CVE-2023-27930
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to execute arbitrary code with kernel privileges
π@cveNotify
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to execute arbitrary code with kernel privileges
π@cveNotify
Apple Support
About the security content of tvOS 16.5
This document describes the security content of tvOS 16.5.
π¨ CVE-2023-23516
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Big Sur 11.7.3, macOS Ventura 13.2. An app may be able to execute arbitrary code with kernel privileges
π@cveNotify
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Big Sur 11.7.3, macOS Ventura 13.2. An app may be able to execute arbitrary code with kernel privileges
π@cveNotify
Apple Support
About the security content of macOS Ventura 13.2
This document describes the security content of macOS Ventura 13.2.
π¨ CVE-2022-46718
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information
π@cveNotify
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information
π@cveNotify
Apple Support
About the security content of iOS 15.7.2 and iPadOS 15.7.2
This document describes the security content of iOS 15.7.2 and iPadOS 15.7.2.