CVE-2023-41726
Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability
Source: CVE-2023-41726
CVE-2023-41725
CVE-2023-41725
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
Source: CVE-2023-41725
CVE-2022-44569
CVE-2022-44569
A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.
Source: CVE-2022-44569
CVE-2022-43555
CVE-2022-43555
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
Source: CVE-2022-43555
CVE-2022-43554
CVE-2022-43554
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
Source: CVE-2022-43554
CVE-2022-3172
CVE-2022-3172
A security issue was discovered in kube-apiserver that allows an
aggregated API server to redirect client traffic to any URL. This could
lead to the client performing unexpected actions as well as forwarding
the client’s API server credentials to third parties.
Source: CVE-2022-3172
CVE-2023-3893
CVE-2023-3893
A security issue was discovered in Kubernetes where a user that can
create pods on Windows nodes running kubernetes-csi-proxy may be able to
escalate to admin privileges on those nodes. Kubernetes clusters are
only affected if they include Windows nodes running
kubernetes-csi-proxy.
Source: CVE-2023-3893
CVE-2023-32508
CVE-2023-32508
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection.This issue affects Order Your Posts Manually: from n/a through 2.2.5.
Source: CVE-2023-32508
CVE-2023-25800
CVE-2023-25800
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0.
Source: CVE-2023-25800
CVE-2023-39299
CVE-2023-39299
A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
Music Station 4.8.11 and later
Music Station 5.1.16 and later
Music Station 5.3.23 and later
Source: CVE-2023-39299