Security Headlines: Latest CVEs

CVE-2023-43135: CVE/TPLINK-TL-ER5120G/unauthorized access/Unauthorized Access Vulnerability.md at main · 7R4C4R/CVE

There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive device information without authentication, obtain user tokens, and ultimately log in to the device's backend management interface.

CVE-2023-34575: [CVE-2023-34575] Improper neutralization of SQL parameter in Opart Save Cart for PrestaShop

SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods.

CVE-2023-37279: Faktory Web Dashboard can lead to denial of service (DoS) via malicious user input

Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer a denial of service via a crafted malicious URL query parameter `days`. The vulnerability is related to how the backend reads the `days` URL query parameter in the Faktory web dashboard. The value is used directly, without any checks, to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory, which causes it to crash. Version 1.8.0 fixes this issue.

CVE-2023-36109: ==1327323==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x55fb3005c209,0x55fc3005c205) and [0x55fc3005c0f8, 0x55fd3005c0f4) overlap · Issue #5080 · jerryscript-project/jerryscript

Buffer Overflow vulnerability in JerryScript version 3.0 allows remote attackers to execute arbitrary code via the ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.

CVE-2023-42321: CVE-2023-42321

Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.

CVE-2023-39677: PrestaShop Modules, Themes, Free Plugins by MyPrestaModules

MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.

CVE-2023-38876: vulnerability-research/CVE-2023-38876 at main · dub-flow/vulnerability-research

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the 'selector' parameter of '/reset-password'.

CVE-2023-42322: CVE-2023-42322

Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.

CVE-2023-38875: vulnerability-research/CVE-2023-38875 at main · dub-flow/vulnerability-research

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the 'validator' parameter of '/reset-password'.

CVE-2023-22024: linux.oracle.com | CVE-2023-22024

In the Unbreakable Enterprise Kernel (UEK), the RDS module has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_ADMIN can use this to crash the kernel. CVSS 3.1 Base Score 5.5 (Availability impact). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).