CVE-2023-33779
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user’s account via a crafted POST request to the component /jobinfo/.
Source: CVE-2023-33779
[월:] 2023년 05월
CVE-2023-2817
CVE-2023-2817
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively.
Source: CVE-2023-2817
CVE-2023-31226
CVE-2023-31226
The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality.
Source: CVE-2023-31226
CVE-2023-31225
CVE-2023-31225
The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability.
Source: CVE-2023-31225
CVE-2023-20883
CVE-2023-20883
In Spring Boot versions 3.0.0 – 3.0.6, 2.7.0 – 2.7.11, 2.6.0 – 2.6.14, 2.5.0 – 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
Source: CVE-2023-20883
CVE-2023-2002
CVE-2023-2002
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
Source: CVE-2023-2002
CVE-2022-48479
CVE-2022-48479
The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.
Source: CVE-2022-48479
CVE-2023-20882
CVE-2023-20882
In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool.
Source: CVE-2023-20882
CVE-2022-48480
CVE-2022-48480
Integer overflow vulnerability in some phones. Successful exploitation of this vulnerability may affect service confidentiality.
Source: CVE-2022-48480
CVE-2022-48478
CVE-2022-48478
The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.
Source: CVE-2022-48478