CVE-2023-24787
RESERVED churchcrm v4.5.3 was discovered to contain a SQL injection vulnerability via the Event parameter at /churchcrm/EventAttendance.php.
Source: CVE-2023-24787
[월:] 2023년 03월
CVE-2023-24295
CVE-2023-24295
A stack overfow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows attackers to execute arbitrary code after opening a crafted PDF file.
Source: CVE-2023-24295
CVE-2023-28331
CVE-2023-28331
Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.
Source: CVE-2023-28331
CVE-2023-28611
CVE-2023-28611
Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2.20 allows an attacker to bypass intended access restrictions.
Source: CVE-2023-28611
CVE-2023-28335
CVE-2023-28335
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.
Source: CVE-2023-28335
CVE-2023-28336
CVE-2023-28336
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
Source: CVE-2023-28336
CVE-2023-28333
CVE-2023-28333
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).
Source: CVE-2023-28333
CVE-2023-28334
CVE-2023-28334
Authenticated users were able to enumerate other users’ names via the learning plans page.
Source: CVE-2023-28334
CVE-2023-28332
CVE-2023-28332
If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.
Source: CVE-2023-28332
CVE-2023-1513
CVE-2023-1513
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
Source: CVE-2023-1513