Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-2446: UserPro <= 5.1.1 - Sensitive Information Disclosure via Shortcode — Wordfence Intelligence

The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account.

CVE
Open in Source
#vulnerability#wordpress#intel#perl#auth
CVE-2023-47016: heap-buffer-overflow at /radare2/libr/include/r_endian.h:194:17 in r_read_le32 · Issue #22349 · radareorg/radare2

radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.

CVE-2023-47393: Mercedes-benz can download repair orders and contract orders at will

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors.

CVE-2023-47392: Mercedes me IOS APP has the vulnerability of exceeding the authority to add shopping cart orders and query shopping cart contents

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request.

CVE-2023-41146: Security Advisories | Autodesk Trust Center

Autodesk Customer Support Portal allows cases created by users under an account to see cases created by other users on the same account.

CVE-2023-29069: adsk-sa-2023-0013

A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability.

CVE-2023-48161: GIFLIB / Bugs / #167 Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c

Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c

CVE-2023-46814: VideoLAN Security Bulletin VLC 3.0.19

A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM.

CVE-2022-35638: Security Bulletin: IBM Sterling B2B Integrator dashboard is vulnerable to cross-site request forgery (CVE-2022-35638)

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230824.

CVE-2021-22143: Elastic APM .NET Agent 1.10.0 Security Update

The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers will not be sanitized before being sent.