CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: September 13, 2024. 03:00:39 UTC
ID | Description | Modified | References |
---|---|---|---|
CVE-2023-42147 | An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component. | September 22, 2023. 02:10:00 | [www.cnblogs.com] |
CVE-2023-40930 | Skyworth 3.0 OS is vulnerable to Directory Traversal. | September 22, 2023. 02:09:00 | [gist.github.com] |
CVE-2023-41484 | An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file. | September 22, 2023. 02:09:00 | [github.com] |
CVE-2023-43620 | An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver. | September 22, 2023. 02:06:00 | [www.openwall.com][github.com] |
CVE-2023-43621 | An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments. | September 22, 2023. 02:06:00 | [www.openwall.com][github.com] |
CVE-2023-43618 | An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an ips? message. | September 22, 2023. 02:05:00 | [www.openwall.com][github.com] |
CVE-2023-43619 | An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file. | September 22, 2023. 02:05:00 | [www.openwall.com][github.com] |
CVE-2023-2163 | Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. | September 22, 2023. 02:02:00 | [git.kernel.org] |
CVE-2023-32186 | An Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) to cause denial of service. This issue affects RKE2: from 1.24.0 before 1.24.17+rke2r1, from v1.25.0 before v1.25.13+rke2r1, from v1.26.0 before v1.26.8+rke2r1, from v1.27.0 before v1.27.5+rke2r1, from v1.28.0 before v1.28.1+rke2r1. | September 22, 2023. 02:00:00 | [github.com][bugzilla.suse.com] |
CVE-2023-38887 | File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions. | September 22, 2023. 01:48:00 | [akerva.com][dolibarr.com] |
CVE-2023-38888 | Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject. | September 22, 2023. 01:37:00 | [akerva.com][dolibarr.com] |
CVE-2023-5068 | Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current process. | September 21, 2023. 23:15:00 | [diastudio.deltaww.com][www.cisa.gov] |
CVE-2022-30114 | A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS. | September 21, 2023. 22:15:00 | [str0ng4le.github.io][www.fastweb.it] |
CVE-2020-35357 | A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution. | September 21, 2023. 20:15:00 | [savannah.gnu.org][git.savannah.gnu.org] |
CVE-2023-43374 | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. | September 21, 2023. 20:03:00 | [flashy-lemonade-192.notion.site] |
CVE-2023-43373 | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php. | September 21, 2023. 20:02:00 | [flashy-lemonade-192.notion.site] |
CVE-2023-43566 | In JetBrains TeamCity before 2023.05.4, stored XSS was possible during nodes configuration. | September 21, 2023. 20:01:00 | [www.jetbrains.com] |
CVE-2022-47559 | ** UNSUPPORTED WHEN ASSIGNED ** Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity. | September 21, 2023. 19:53:00 | [www.incibe.es] |
CVE-2023-23957 | An authenticated user can see and modify the value for the ‘next’ query parameter in Symantec Identity Portal 14.4. | September 21, 2023. 19:50:00 | [support.broadcom.com] |
CVE-2022-47554 | ** UNSUPPORTED WHEN ASSIGNED ** Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, without being authenticated within the web server. | September 21, 2023. 19:44:00 | [www.incibe.es] |