CVE-2023-40826
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.
Source: CVE-2023-40826
[월:] 2023년 08월
CVE-2023-40857
CVE-2023-40857
Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yr_execute_cod function in the exe.c component.
Source: CVE-2023-40857
CVE-2023-40827
CVE-2023-40827
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.
Source: CVE-2023-40827
CVE-2023-34724
CVE-2023-34724
An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface.
Source: CVE-2023-34724
CVE-2023-39059
CVE-2023-39059
An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter.
Source: CVE-2023-39059
CVE-2023-34725
CVE-2023-34725
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection.
Source: CVE-2023-34725
CVE-2023-39652
CVE-2023-39652
theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run().
Source: CVE-2023-39652
CVE-2020-24165
CVE-2020-24165
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).
Source: CVE-2020-24165
CVE-2023-39968
CVE-2023-39968
jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Source: CVE-2023-39968
CVE-2023-40170
CVE-2023-40170
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `–ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks.
Source: CVE-2023-40170