CVE-2023-40371

IBM AIX 7.2, 7.3, VIOS 3.1’s OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476.

Source: CVE-2023-40371

CVE-2023-34040

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers.

Specifically, an application is vulnerable when all of the following are true:

* The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record
* The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true.
* The user allows untrusted sources to publish to a Kafka topic

By default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record.

Source: CVE-2023-34040

CVE-2023-32511

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.8 versions.

Source: CVE-2023-32511

CVE-2023-32510

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <= 2.2.5 versions.

Source: CVE-2023-32510

CVE-2023-32516

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFood Restaurant Menu – Food Ordering System – Table Reservation plugin <= 2.3.6 versions.

Source: CVE-2023-32516

CVE-2023-38288

** REJECT ** Not a Security Issue.

Source: CVE-2023-38288

CVE-2023-38289

** REJECT ** Not a Security Issue.

Source: CVE-2023-38289

CVE-2023-3705

The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.

Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device.

Source: CVE-2023-3705

CVE-2023-4513

BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file

Source: CVE-2023-4513

CVE-2023-4512

CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file

Source: CVE-2023-4512