CVE-2023-2840
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
Source: CVE-2023-2840
CVE-2023-2838
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
Source: CVE-2023-2838
CVE-2023-2837
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.
Source: CVE-2023-2837
CVE-2023-27066
Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle.
Source: CVE-2023-27066
CVE-2023-31742
There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the POST request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd's Start_EPI() function, thereby gaining shell privileges.
Source: CVE-2023-31742
CVE-2023-31103
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0.
Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 to solve it.
Source: CVE-2023-31103
CVE-2023-31066
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others’ sources! Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 to solve it.
Source: CVE-2023-31066
CVE-2023-33293
An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on *.localhost with subdomains for each installed application, e.g., myapp.localhost. An attacker can make fetch requests to api-daemon to determine if a given app is installed and read the manifest.webmanifest contents, including the app version.
Source: CVE-2023-33293
CVE-2023-32350
Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload.
Source: CVE-2023-32350