Security
Headlines

CVE-2023-45468: CVE/netis_N3/buffer overflow in pingWdogIp parameter leads to DOS.md at main · adhikara13/CVE

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE-2023-45465: CVE/netis_N3/blind command injection in ddnsDomainName parameter in Dynamic DNS setting.md at main · adhikara13/CVE

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings.

CVE-2023-45467: CVE/netis_N3/blind command injection in ntpServIP parameter in Time Settings .md at main · adhikara13/CVE

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings.

CVE-2023-45466: CVE/netis_N3/blind command injection in pin_host parameter in wps setting.md at main · adhikara13/CVE

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings.

CVE-2023-39960

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing protection allows an attacker to brute force passwords on the WebDAV API. Nextcloud Server 25.0.9 and 26.0.4 and Nextcloud Enterprise Server 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4 contain patches for this issue. No known workarounds are available.

CVE-2023-39999: WordPress core < 6.3.2 - Contributor+ Comment Read on Private and Password Protected Post vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.

CVE-2023-43079: DSA-2023-367: Dell OpenManage Server Administrator (OMSA) Security Update for Multiple Vulnerabilities.

Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise.

CVE-2023-38000: WordPress core < 6.3.2 - Contributor+ Stored XSS in Navigation Links Block vulnerability - Patchstack

Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.