CVE-2023-25915
Due to improper input validation, a remote attacker could execute arbitrary commands on the target system.
Source: CVE-2023-25915
CVE-2023-25914
Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface.
Source: CVE-2023-25914
CVE-2023-25913
Because of an authentication flaw, an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.
Source: CVE-2023-25913
CVE-2023-36787
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Source: CVE-2023-36787
CVE-2023-38158
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Source: CVE-2023-38158
CVE-2023-4459
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
Source: CVE-2023-4459
CVE-2023-4417
Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allow an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process.
Source: CVE-2023-4417
CVE-2023-40352
McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs.
Source: CVE-2023-40352
CVE-2023-4373
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.
Source: CVE-2023-4373
CVE-2023-4456
A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
Source: CVE-2023-4456