CVE-2023-0995

Cross-site Scripting (XSS) – Stored in GitHub repository unilogies/bumsys prior to v2.0.1.

Source: CVE-2023-0995

CVE-2023-0994

Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.

Source: CVE-2023-0994

CVE-2022-46440

ttftool v0.9.2 was discovered to contain a segmentation violation via the readU16 function at ttf.c.

Source: CVE-2022-46440

CVE-2023-26468

Cerebrate 1.12 does not properly consider organisation_id during creation of API keys.

Source: CVE-2023-26468

CVE-2023-24212

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg.

Source: CVE-2023-24212

CVE-2023-23296

Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.

Source: CVE-2023-23296

CVE-2023-23294

Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root.

Source: CVE-2023-23294

CVE-2023-23295

Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root.

Source: CVE-2023-23295

CVE-2022-36231

pdf_info 0.5.3 is vulnerable to Command Execution.

Source: CVE-2022-36231

CVE-2023-0755

The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.

Source: CVE-2023-0755