CVE-2023-28459
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files.
Source: CVE-2023-28459
CVE-2023-28458
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file.
Source: CVE-2023-28458
CVE-2023-20865
VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.
Source: CVE-2023-20865
CVE-2023-2177
A null pointer dereference issue was found in the SCTP network protocol in net/sctp/stream_sched.c in the Linux kernel. If the stream_in allocation fails, stream_out is freed and subsequently accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.
Source: CVE-2023-2177
CVE-2021-36436
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user-entered information via submissions to the forgotten-password endpoint.
Source: CVE-2021-36436
CVE-2023-2131
Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code.
Source: CVE-2023-2131
CVE-2023-20873
In Spring Boot versions 3.0.0 – 3.0.5, 2.7.0 – 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.
Source: CVE-2023-20873
CVE-2023-27090
A cross-site scripting vulnerability found in TeaCMS storage allows an attacker to cause a leak of sensitive information via the article title parameter.
Source: CVE-2023-27090
CVE-2023-23579
Datakit CrossCadWare_x64.dll contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This could allow an attacker to execute code in the context of the current process.
Source: CVE-2023-23579
CVE-2023-22295
Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information.
Source: CVE-2023-22295