Hírolvasó

NVD: all CVE · 9 óra 16 perc

CVE-2023-23149

DEK-1705 <=Firmware:34.23.1 device was discovered to have a command execution vulnerability.
NVD: all CVE · 9 óra 16 perc

CVE-2023-27042

Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg.
ECHO Network · 2023. március 24.

CVE-2023-28446

NVD: all CVE · 2023. március 24.

CVE-2023-1583

A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash.
NVD: all CVE · 2023. március 24.

CVE-2023-26864

SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allow a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromPartscomponent.
NVD: all CVE · 2023. március 24.

CVE-2023-27055

Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request.
NVD: all CVE · 2023. március 24.

CVE-2023-28150

An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.
NVD: all CVE · 2023. március 24.

CVE-2023-28435

Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface is not checked so users who are not logged in can upload directly to the background. The file type also goes unchecked, users could upload any type of file. These vulnerabilities has been fixed in version 1.18.5.