Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-49287: Buffer overflow vulnerabilities in tinydir

TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6.

CVE
#vulnerability#windows#microsoft#dos#git#c++#buffer_overflow
CVE-2023-49108: Support Site(����)

Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges.

CVE-2023-49093: HtmlUnit 3.8.0 are vulnerable to Remote Code Execution (RCE) via XSTL

HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0

CVE-2023-32870

In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363740; Issue ID: ALPS07363740.

CVE-2023-40687: IBM® Db2® is vulnerable to denial of service with a specially crafted RUNSTATS command. (CVE-2023-40687)

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809.

CVE-2023-38727: IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement. (CVE-2023-38727)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.

CVE-2023-29258: IBM® Db2® is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. (CVE-2023-29258)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.

CVE-2023-38003: IBM® Db2® is vulnerable to privilege escalation with DATAACCESS. (CVE-2023-38003)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214.

CVE-2023-47701: IBM® Db2® is vulnerable to denial of service with a specially crafted query. (CVE-2023-43020)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166.

CVE-2023-46167: IBM® Db2® federated server is vulnerable to a denial of service when a specially crafted cursor is used. (CVE-2023-46167)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.