CVE-2023-3582
Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don’t have access to,Â
Source: CVE-2023-3582
[월:] 2023년 07월
CVE-2023-37974
CVE-2023-37974
Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Social AutoConnect plugin <=Â 4.6.1 versions.
Source: CVE-2023-37974
CVE-2023-3587
CVE-2023-3587
Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.
Source: CVE-2023-3587
CVE-2023-3590
CVE-2023-3590
Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments.
Source: CVE-2023-3590
CVE-2023-37985
CVE-2023-37985
Cross-Site Request Forgery (CSRF) vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin <=Â 2.4.6 versions.
Source: CVE-2023-37985
CVE-2023-36656
CVE-2023-36656
Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI before v.1.31.0 allows a remote attacker to execute arbitrary code via the KeyValuesTable component.
Source: CVE-2023-36656
CVE-2022-36424
CVE-2022-36424
Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy Appointments plugin <=Â 3.11.9 versions.
Source: CVE-2022-36424
CVE-2022-38062
CVE-2022-38062
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <=Â 1.0.9 versions.
Source: CVE-2022-38062
CVE-2023-35818
CVE-2023-35818
An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit another behavior in the chip to gain unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute stub code.
Source: CVE-2023-35818
CVE-2023-37968
CVE-2023-37968
Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <=Â 1.3.39 versions.
Source: CVE-2023-37968