🚨 CVE-2023-4282
The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings.
🎖@cveNotify
🚨 CVE-2023-32564
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution.
🚨 CVE-2023-32563
An unauthenticated attacker could achieve code execution through a RemoteControl server.
🚨 CVE-2023-39851
webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php.
GitHub
vulnerability-report/webchess_CVE-2023-39851 at main · KLSEHB/vulnerability-report
🚨 CVE-2023-39850
Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php.
GitHub
vulnerability-report/Schoolmate_CVE-2023-39850 at main · KLSEHB/vulnerability-report
🚨 CVE-2023-39849
Pikachu v1.0 was discovered to contain a SQL injection vulnerability via the $username parameter at \inc\function.php.
GitHub
GitHub - zhuifengshaonianhanlu/pikachu: A fun web security vulnerability testing platform
🚨 CVE-2023-20564
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution.
AMD
AMD Ryzen™ Master Security Bulletin
🚨 CVE-2023-20560
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service.
AMD
AMD Ryzen™ Master Security Bulletin
🚨 CVE-2019-19921
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
GitHub
[CVE-2019-19921]: Volume mount race condition with shared mounts · Issue #2197 · opencontainers/runc
Disclosed in #2190. Here's the original report to security@opencontainers.org: Hi all, an attacker who controls the container image for two containers that share a volume can race volume mounts...
🚨 CVE-2023-27561
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
GitHub
CVE-2019-19921 re-introduction/regression · Issue #3751 · opencontainers/runc
Hi, I'm part of the Debian Long Term Support (LTS) team, and I'm currently working on an update for package runc. As explained in #2197 (comment) , while working on fixing CVE-2019-19921, I...
🚨 CVE-2023-38559
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.
🚨 CVE-2023-20569
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
AMD
Return Address Security Bulletin
🚨 CVE-2023-23908
Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.
Intel
INTEL-SA-00836
🚨 CVE-2022-41804
Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
Intel
INTEL-SA-00837
🚨 CVE-2022-40982
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Intel
INTEL-SA-00828
🚨 CVE-2023-0871
The /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used, for instance, to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter and Moshe Apelbaum for reporting this issue.
GitHub
NMS-15699: Prevent external xml entity loading by fooker · Pull Request #6355 · OpenNMS/opennms
🚨 CVE-2023-32006
The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.
This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x.
Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
HackerOne
Node.js disclosed on HackerOne: Policy-restricted modules can...
🚨 CVE-2023-32004
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions.
This vulnerability affects all users using the experimental permission model in Node.js 20.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
HackerOne
Node.js disclosed on HackerOne: Permission model bypass by...
🚨 CVE-2023-32003
`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory.
This vulnerability affects all users using the experimental permission model in Node.js 20.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
HackerOne
Node.js disclosed on HackerOne: fs.mkdtemp() and fs.mkdtempSync()...
🚨 CVE-2023-4374
The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber privileges or above, to view logs.
Wordfence
WP Remote Users Sync <= 1.2.11 - Missing Authorization to Authenticated (Subscriber+) Log View - Wordfence Intelligence
🚨 CVE-2023-3958
The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. This was partially patched in version 1.2.12 and fully patched in version 1.2.13.