Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-29348

Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability

CVE
Open in Source
#vulnerability#windows
CVE-2023-36417

Microsoft SQL ODBC Driver Remote Code Execution Vulnerability

CVE-2023-36418

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

CVE-2023-36433

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

CVE-2023-36561

Azure DevOps Server Elevation of Privilege Vulnerability

CVE-2023-5497

A vulnerability classified as critical has been found in Tongda OA 2017 11.10. Affected is an unknown function of the file general/hr/salary/welfare_manage/delete.php. The manipulation of the argument WELFARE_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-241650 is the identifier assigned to this vulnerability.

CVE-2023-4309

Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused elections and enabled web application firewall (WAF) protection for current and future elections on or around 2023-08-12.

CVE-2023-36419

Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability

CVE-2023-45129: Rooms - Synapse

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API.

CVE-2023-42794

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.