CVE-2023-23143
Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master.
Source: CVE-2023-23143
[월:] 2023년 01월
CVE-2023-23015
CVE-2023-23015
Cross Site Scripting (XSS) vulnerability in Kalkun 0.8.0 via username input in file User_model.php.
Source: CVE-2023-23015
CVE-2023-23010
CVE-2023-23010
Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 (on Dec 27, 2022), allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_product.php.
Source: CVE-2023-23010
CVE-2023-24021
CVE-2023-24021
In ModSecurity before 2.9.7, FILES_TMP_CONTENT sometimes lacked the complete content. This can lead to a Web Application Firewall bypass.
Source: CVE-2023-24021
CVE-2023-23014
CVE-2023-23014
Cross Site Scripting (XSS) vulnerability in InventorySystem thru commit e08fbbe17902146313501ed0b5feba81d58f455c (on Apr 23, 2021) via edit_store_name and edit_active inputs in file InventorySystem.php.
Source: CVE-2023-23014
CVE-2022-47024
CVE-2022-47024
A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.
Source: CVE-2022-47024
CVE-2023-22458
CVE-2023-22458
Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Source: CVE-2023-22458
CVE-2022-47021
CVE-2022-47021
A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.
Source: CVE-2022-47021
CVE-2022-48279
CVE-2022-48279
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.
Source: CVE-2022-48279
CVE-2022-47016
CVE-2022-47016
A null pointer dereference issue was discovered in function window_pane_set_event in window.c in tmux 3.0 thru 3.3 allows attackers to cause denial of service or other unspecified impacts.
Source: CVE-2022-47016