CVE-2023-5214: CVE-2023-5214 Privilege Escalation in Puppet Bolt

In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.

CVE-2023-23371: Vulnerability in QVPN Device Client for Windows - Security Advisory

A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.2.0.0823 and later.

CVE-2023-32972: Vulnerability in QTS, QuTS hero, and QuTScloud - Security Advisory

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTS hero h4.5.4.2476 build 20230728 and later; QuTScloud c5.1.0.2498 and later.

CVE-2023-23366: Vulnerabilities in Music Station - Security Advisory

A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later.

CVE-2023-23370: Vulnerability in QVPN Device Client for Windows - Security Advisory

An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.1.0.0518 and later.

CVE-2023-39928: TALOS-2023-1831 || Cisco Talos Intelligence Group

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to visit a malicious webpage to trigger this vulnerability.

CVE-2023-44233: WordPress FooGallery plugin <= 2.2.44 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin <= 2.2.44 versions.

CVE-2023-44243: WordPress Instant CSS plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <= 1.2.1 versions.

CVE-2023-41650: WordPress Remove/hide Author, Date, Category Like Entry-Meta plugin <= 2.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <= 2.1 versions.

CVE-2023-41659: WordPress Responsive Gallery Grid plugin <= 2.3.10 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <= 2.3.10 versions.