CVE-2023-32002

The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.

This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.

Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

Source: CVE-2023-32002

CVE-2023-38035

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

Source: CVE-2023-38035

CVE-2023-38961

Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c.

Source: CVE-2023-38961

CVE-2023-38836

File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code via the GIF header component.

Source: CVE-2023-38836

CVE-2023-31447

user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code.

Source: CVE-2023-31447

CVE-2022-4367

** REJECT ** Duplicate, use CVE-2023-4279 instead.

Source: CVE-2022-4367

CVE-2023-40735

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT – BUTTERFLY BUTTON (Architecture) allows loss of plausible deniability, confidentiality.This issue affects BUTTERFLY BUTTON: As of 2023-08-21.

Source: CVE-2023-40735

CVE-2023-38899

SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component.

Source: CVE-2023-38899

CVE-2020-28715

An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).

Source: CVE-2020-28715

CVE-2023-3481

Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting (XSS) bug. We recommend upgrading to version 0.0.20 of the extension. 

Source: CVE-2023-3481