CVE-2023-24600
OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book.
Source: CVE-2023-24600
CVE-2023-24601
OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API’s registry sub-tree.
Source: CVE-2023-24601
CVE-2023-24597
OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail message’s remote resources during printing.
Source: CVE-2023-24597
CVE-2023-29079
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in a customer-controlled product. Notes: none.
Source: CVE-2023-29079
CVE-2022-33974
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) plugin <= 1.8.4 versions.
Source: CVE-2022-33974
CVE-2023-29078
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in a customer-controlled product. Notes: none.
Source: CVE-2023-29078
CVE-2022-45372
Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Gallery Slider for WooCommerce plugin <= 2.2.8 versions.
Source: CVE-2022-45372
CVE-2023-28153
An issue was discovered in the Kiddoware Kids Place Parental Control application before 3.8.50 for Android. The child can remove all restrictions temporarily without the parents noticing by rebooting into Android Safe Mode and disabling the "Display over other apps" permission.
Source: CVE-2023-28153
CVE-2023-30570
pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.
Source: CVE-2023-30570
CVE-2023-30350
FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password.
Source: CVE-2023-30350