Recent CVE entries
Stay updated about the Latest Security Vulnerabilities
30 Latest CVEs. The New badge indicates CVEs published in the past 24 hours.
CVE-2023-43281
0.0
Last updated 4 weeks ago
- Summary:
- Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.
- CWE ID:
- CWE-415
- CVSS Score:
- 0.0
- References:
-
- https://gist.github.com/peccc/d8761f6ac45ad55cbd194dd7e6fdfdac
- https://github.com/peccc/double-stb
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/
- Published:
- 2023-10-25 18:17:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-45661
0.0
Last updated 4 weeks ago
- Summary:
- stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information.
- CWE ID:
- CWE-125
- CVSS Score:
- 0.0
- References:
-
- https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6817
- https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7021-L7022
- https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/
- Published:
- 2023-10-21 00:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-45662
0.0
Last updated 4 weeks ago
- Summary:
- stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions.
- CWE ID:
- CWE-125
- CVSS Score:
- 0.0
- References:
-
- https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1235
- https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/
- Published:
- 2023-10-21 00:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-45663
0.0
Last updated 4 weeks ago
- Summary:
- stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.
- CWE ID:
- CWE-908
- CVSS Score:
- 0.0
- References:
-
- https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L5936C10-L5936C20
- https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7221
- https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1664
- https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/
- Published:
- 2023-10-21 00:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-45664
0.0
Last updated 4 weeks ago
- Summary:
- stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.
- CWE ID:
- CWE-415
- CVSS Score:
- 0.0
- References:
-
- https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
- https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6993-L6995
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/
- Published:
- 2023-10-21 00:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-45666
0.0
Last updated 4 weeks ago
- Summary:
- stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed
- CWE ID:
- CWE-415
- CVSS Score:
- 0.0
- References:
-
- https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6962-L7045
- https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
- https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6957
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/
- Published:
- 2023-10-21 00:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-45667
0.0
Last updated 4 weeks ago
- Summary:
- stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.
- CWE ID:
- CWE-476
- CVSS Score:
- 0.0
- References:
-
- https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1442-L1454
- https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1448
- https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/
- Published:
- 2023-10-21 00:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-45675
0.0
Last updated 4 weeks ago
- Summary:
- stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution.
- CWE ID:
- CWE-787
- CVSS Score:
- 0.0
- References:
-
- https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658
- https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3658
- https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
- https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/
- Published:
- 2023-10-21 00:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-4822
0.0
Last updated 4 weeks ago
- Summary:
- Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations. It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user. The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.
- CWE ID:
- NVD-CWE-noinfo
- CVSS Score:
- 0.0
- References:
- Published:
- 2023-10-16 09:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-42795
0.0
Last updated 4 weeks ago
- Summary:
- Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
- CWE ID:
- CWE-459
- CVSS Score:
- 0.0
- References:
-
- https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw
- http://www.openwall.com/lists/oss-security/2023/10/10/9
- https://www.debian.org/security/2023/dsa-5522
- https://www.debian.org/security/2023/dsa-5521
- https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
- https://security.netapp.com/advisory/ntap-20231103-0007/
- Published:
- 2023-10-10 18:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-45648
0.0
Last updated 4 weeks ago
- Summary:
- Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
- CWE ID:
- CWE-20
- CVSS Score:
- 0.0
- References:
-
- https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp
- http://www.openwall.com/lists/oss-security/2023/10/10/10
- https://www.debian.org/security/2023/dsa-5522
- https://www.debian.org/security/2023/dsa-5521
- https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
- https://security.netapp.com/advisory/ntap-20231103-0007/
- Published:
- 2023-10-10 19:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-43785
0.0
Last updated 4 weeks ago
- Summary:
- A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
- CWE ID:
- CWE-125
- CVSS Score:
- 0.0
- References:
- Published:
- 2023-10-10 13:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-43786
0.0
Last updated 4 weeks ago
- Summary:
- A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
- CWE ID:
- CWE-835
- CVSS Score:
- 0.0
- References:
- Published:
- 2023-10-10 13:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-43787
0.0
Last updated 4 weeks ago
- Summary:
- A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
- CWE ID:
- CWE-190
- CVSS Score:
- 0.0
- References:
- Published:
- 2023-10-10 13:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-29499
0.0
Last updated 4 weeks ago
- Summary:
- A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
- CWE ID:
- CWE-400
- CVSS Score:
- 0.0
- References:
- Published:
- 2023-09-14 20:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-25586
0.0
Last updated 4 weeks ago
- Summary:
- A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
- CWE ID:
- CWE-908
- CVSS Score:
- 0.0
- References:
-
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502
- https://sourceware.org/bugzilla/show_bug.cgi?id=29855
- https://bugzilla.redhat.com/show_bug.cgi?id=2167502
- https://access.redhat.com/security/cve/CVE-2023-25586
- https://security.netapp.com/advisory/ntap-20231103-0003/
- Published:
- 2023-09-14 21:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-25584
0.0
Last updated 4 weeks ago
- Summary:
- An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
- CWE ID:
- CWE-125
- CVSS Score:
- 0.0
- References:
- Published:
- 2023-09-14 21:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-25588
0.0
Last updated 4 weeks ago
- Summary:
- A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
- CWE ID:
- CWE-908
- CVSS Score:
- 0.0
- References:
-
- https://bugzilla.redhat.com/show_bug.cgi?id=2167505
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1
- https://access.redhat.com/security/cve/CVE-2023-25588
- https://sourceware.org/bugzilla/show_bug.cgi?id=29677
- https://security.netapp.com/advisory/ntap-20231103-0003/
- Published:
- 2023-09-14 21:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-25585
0.0
Last updated 4 weeks ago
- Summary:
- A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
- CWE ID:
- CWE-908
- CVSS Score:
- 0.0
- References:
-
- https://sourceware.org/bugzilla/show_bug.cgi?id=29892
- https://bugzilla.redhat.com/show_bug.cgi?id=2167498
- https://access.redhat.com/security/cve/CVE-2023-25585
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7
- https://security.netapp.com/advisory/ntap-20231103-0003/
- Published:
- 2023-09-14 21:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-32005
0.0
Last updated 4 weeks ago
- Summary:
- A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.statfs` API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
- CWE ID:
- CWE-732
- CVSS Score:
- 0.0
- References:
- Published:
- 2023-09-12 02:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2023-42467
0.0
Last updated 4 weeks ago
- Summary:
- QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.
- CWE ID:
- CWE-369
- CVSS Score:
- 0.0
- References:
- Published:
- 2023-09-11 04:15:00
- Last Modified:
- 2023-11-04 06:15:00
CVE-2022-4573
0.0
Last updated 4 weeks ago
- Summary:
- An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.
- CWE ID:
- NVD-CWE-noinfo
- CVSS Score:
- 0.0
- References:
- Published:
- 2023-10-30 15:15:00
- Last Modified:
- 2023-11-04 03:24:00
CVE-2023-43322
0.0
Last updated 4 weeks ago
- Summary:
- ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/.
- CWE ID:
- CWE-77
- CVSS Score:
- 0.0
- References:
- Published:
- 2023-10-28 01:15:00
- Last Modified:
- 2023-11-04 03:24:00
CVE-2023-5717
0.0
Last updated 4 weeks ago
- Summary:
- A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.
- CWE ID:
- CWE-787
- CVSS Score:
- 0.0
- References:
- Published:
- 2023-10-25 18:17:00
- Last Modified:
- 2023-11-04 03:24:00
CVE-2023-45797
0.0
Last updated 4 weeks ago
- Summary:
- A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code.
- CWE ID:
- CWE-120
- CVSS Score:
- 0.0
- References:
- Published:
- 2023-10-30 07:15:00
- Last Modified:
- 2023-11-04 03:23:00
CVE-2023-46866
0.0
Last updated 4 weeks ago
- Summary:
- In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp in libSampleICC.a attempts to access array elements at out-of-bounds indexes.
- CWE ID:
- CWE-787
- CVSS Score:
- 0.0
- References:
- Published:
- 2023-10-30 03:15:00
- Last Modified:
- 2023-11-04 03:23:00
CVE-2023-46867
0.0
Last updated 4 weeks ago
- Summary:
- In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference.
- CWE ID:
- CWE-476
- CVSS Score:
- 0.0
- References:
- Published:
- 2023-10-30 03:15:00
- Last Modified:
- 2023-11-04 03:23:00
CVE-2023-5810
0.0
Last updated 4 weeks ago
- Summary:
- A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. The identifier VDB-243641 was assigned to this vulnerability.
- CWE ID:
- CWE-79
- CVSS Score:
- 0.0
- References:
- Published:
- 2023-10-27 01:15:00
- Last Modified:
- 2023-11-04 03:23:00
CVE-2023-21373
0.0
Last updated 4 weeks ago
- Summary:
- In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CWE ID:
- CWE-862
- CVSS Score:
- 0.0
- References:
- Published:
- 2023-10-30 18:15:00
- Last Modified:
- 2023-11-04 03:22:00
CVE-2023-21374
0.0
Last updated 4 weeks ago
- Summary:
- In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CWE ID:
- NVD-CWE-noinfo
- CVSS Score:
- 0.0
- References:
- Published:
- 2023-10-30 18:15:00
- Last Modified:
- 2023-11-04 03:22:00