Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-41160: Usermin-2.001/CVE-2023-41160 at main · shindeanik/Usermin-2.001

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key.

CVE
Open in Source
#xss#vulnerability#web#git#auth#ssh
CVE-2023-38912: Super Store Finder PHP Script 3.6 SQL Injection ≈ Packet Storm

SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter.

CVE-2023-25586

A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.

CVE-2023-25585: Invalid Bug ID

A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.

CVE-2023-25584: cve-details

An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.

CVE-2023-32611: cve-details

A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.

CVE-2023-32636: (CVE-2023-32636) fuzz_variant_text: Timeout in fuzz_variant_text (#2841) · Issues · GNOME / GLib · GitLab

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.

CVE-2023-32665: Invalid Bug ID

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.

CVE-2023-29499: (CVE-2023-29499) GVariant offset table entry size is not checked in is_normal() (#2794) · Issues · GNOME / GLib · GitLab

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.

CVE-2023-4965

A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732.