» CVE

CVE-2023-41725

Posted on 2023년 11월 4일2023년 11월 4일 by admin

CVE-2023-41725

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability

Source: CVE-2023-41725

CVE-2023-41726

Posted on 2023년 11월 4일2023년 11월 4일 by admin

CVE-2023-41726

Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability

Source: CVE-2023-41726

CVE-2022-3172

Posted on 2023년 11월 4일2023년 11월 4일 by admin

CVE-2022-3172

A security issue was discovered in kube-apiserver that allows an
aggregated API server to redirect client traffic to any URL. This could
lead to the client performing unexpected actions as well as forwarding
the client’s API server credentials to third parties.

Source: CVE-2022-3172

CVE-2022-43554

Posted on 2023년 11월 4일2023년 11월 4일 by admin

CVE-2022-43554

Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability

Source: CVE-2022-43554

CVE-2022-43555

Posted on 2023년 11월 4일2023년 11월 4일 by admin

CVE-2022-43555

Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability

Source: CVE-2022-43555

CVE-2022-44569

Posted on 2023년 11월 4일2023년 11월 4일 by admin

CVE-2022-44569

A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.

Source: CVE-2022-44569

CVE-2023-3893

Posted on 2023년 11월 4일2023년 11월 4일 by admin

CVE-2023-3893

A security issue was discovered in Kubernetes where a user that can
create pods on Windows nodes running kubernetes-csi-proxy may be able to
escalate to admin privileges on those nodes. Kubernetes clusters are
only affected if they include Windows nodes running
kubernetes-csi-proxy.

Source: CVE-2023-3893

CVE-2023-25990

Posted on 2023년 11월 4일2023년 11월 4일 by admin

CVE-2023-25990

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.

Source: CVE-2023-25990

CVE-2023-36529

Posted on 2023년 11월 4일2023년 11월 4일 by admin

CVE-2023-36529

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Favethemes Houzez – Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez – Real Estate WordPress Theme: from n/a through 1.3.4.

Source: CVE-2023-36529

CVE-2023-23369

Posted on 2023년 11월 4일2023년 11월 4일 by admin

CVE-2023-23369

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.

We have already fixed the vulnerability in the following versions:
Multimedia Console 2.1.2 ( 2023/05/04 ) and later
Multimedia Console 1.4.8 ( 2023/05/05 ) and later
QTS 5.1.0.2399 build 20230515 and later
QTS 4.3.6.2441 build 20230621 and later
QTS 4.3.4.2451 build 20230621 and later
QTS 4.3.3.2420 build 20230621 and later
QTS 4.2.6 build 20230621 and later
Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later
Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later

Source: CVE-2023-23369