CVE-2023-25433
libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.
Source: CVE-2023-25433
[월:] 2023년 06월
CVE-2023-26966
CVE-2023-26966
libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.
Source: CVE-2023-26966
CVE-2022-44720
CVE-2022-44720
An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection injection can occur, related to chroot.
Source: CVE-2022-44720
CVE-2023-36484
CVE-2023-36484
ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS).
Source: CVE-2023-36484
CVE-2023-33190
CVE-2023-33190
Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.0 an improper configuration of role based access control (RBAC) permissions resulted in an attacker being able to obtain cluster control permissions, which could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. This issue has been addressed in version 4.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Source: CVE-2023-33190
CVE-2023-30946
CVE-2023-30946
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry’s Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
Source: CVE-2023-30946
CVE-2023-30955
CVE-2023-30955
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to ‘Developer Mode’. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
Source: CVE-2023-30955
CVE-2023-26085
CVE-2023-26085
A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02.
Source: CVE-2023-26085
CVE-2023-36487
CVE-2023-36487
The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account.
Source: CVE-2023-36487
CVE-2023-34658
CVE-2023-34658
Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController.
Source: CVE-2023-34658