CVE-2023-29741
An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database.
Source: CVE-2023-29741
[월:] 2023년 05월
CVE-2023-2952
CVE-2023-2952
XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
Source: CVE-2023-2952
CVE-2023-34153
CVE-2023-34153
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
Source: CVE-2023-34153
CVE-2023-34152
CVE-2023-34152
A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with –enable-pipes configured.
Source: CVE-2023-34152
CVE-2023-34151
CVE-2023-34151
A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
Source: CVE-2023-34151
CVE-2023-32342
CVE-2023-32342
IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 255828.
Source: CVE-2023-32342
CVE-2023-2931
CVE-2023-2931
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Source: CVE-2023-2931
CVE-2023-33961
CVE-2023-33961
Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time of publication, a patch does not exist.
Source: CVE-2023-33961
CVE-2023-2930
CVE-2023-2930
Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source: CVE-2023-2930
CVE-2023-2953
CVE-2023-2953
A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.
Source: CVE-2023-2953