CVE-2023-32610
Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition.
Source: CVE-2023-32610
[월:] 2023년 06월
CVE-2022-29144
CVE-2022-29144
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Source: CVE-2022-29144
CVE-2023-33661
CVE-2023-33661
Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters.
Source: CVE-2023-33661
CVE-2023-34843
CVE-2023-34843
Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET request.
Source: CVE-2023-34843
CVE-2023-34738
CVE-2023-36475
CVE-2023-36475
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1.
Source: CVE-2023-36475
CVE-2023-3357
CVE-2023-3357
A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system.
Source: CVE-2023-3357
CVE-2023-34736
CVE-2023-34736
Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload.
Source: CVE-2023-34736
CVE-2023-36474
CVE-2023-36474
Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e `app.` Interactsh server used to create cname entries for `app` pointing to `projectdiscovery.github.io` as default, which intended to used for hosting interactsh web client using GitHub pages. This is a security issue with a self-hosted interactsh server in which the user may not have configured a web client but still have a CNAME entry pointing to GitHub pages, making them vulnerable to subdomain takeover. This allows a threat actor to host / run arbitrary client side code (cross-site scripting) in a user’s browser when browsing the vulnerable subdomain. Version 1.0.0 fixes this issue by making CNAME optional, rather than default.
Source: CVE-2023-36474
CVE-2023-3358
CVE-2023-3358
A null pointer dereference was found in the Linux kernel’s Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.
Source: CVE-2023-3358