Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-46480: GitHub - owncast/owncast: Take control over your live stream video by running it yourself. Streaming + chat out of the box.

An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function.

CVE
#web#windows#linux#nodejs#git#java#c++#auth
CVE-2023-42366: Invalid Bug ID

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

CVE-2023-42363: Invalid Bug ID

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

CVE-2023-5885

The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users.

CVE-2023-32062: Incorrect system calendar events visibility

OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.

CVE-2023-49044: IOT_VULN/Tenda/AX1803/form_fast_setting_wifi_set.md at main · Anza2001/IOT_VULN

Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set.

CVE-2023-48034: GitHub - aprkr/CVE-2023-48034: Weak encryption in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject wireless arbitrary keystrokes.

An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption.

CVE-2023-49030: vulnerability/32ns-KLive-SQL-user.php.md at main · Chiaki2333/vulnerability

SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component.

CVE-2022-41951: Path traversal possible during temporary file manipulations

OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.

CVE-2023-49316: Math/BinaryField: fix for excessively large degrees · phpseclib/phpseclib@964d781

In Math/BinaryField.php in phpseclib before 3.0.34, excessively large degrees can lead to a denial of service.