CVE-2023-23563
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL Injection.
Source: CVE-2023-23563
[월:] 2023년 08월
CVE-2022-48571
CVE-2022-48571
memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP.
Source: CVE-2022-48571
CVE-2022-48570
CVE-2022-48570
Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.
Source: CVE-2022-48570
CVE-2022-48565
CVE-2022-48565
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Source: CVE-2022-48565
CVE-2022-48566
CVE-2022-48566
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
Source: CVE-2022-48566
CVE-2023-23564
CVE-2023-23564
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands.
Source: CVE-2023-23564
CVE-2023-23565
CVE-2023-23565
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion.
Source: CVE-2023-23565
CVE-2022-48541
CVE-2022-48541
A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.
Source: CVE-2022-48541
CVE-2022-48522
CVE-2022-48522
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
Source: CVE-2022-48522
CVE-2022-48538
CVE-2022-48538
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.
Source: CVE-2022-48538