Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-37143: SEGV on unknown address 0x000000000000 · Issue #6888 · chakra-core/ChakraCore

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp().

CVE
Open in Source
#linux#js
CVE-2023-37142: SEGV (/root/ChakraCore-latest/out/Release/ch+0x6e3fff) in Js::EntryPointInfo::HasInlinees() · Issue #6887 · chakra-core/ChakraCore

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees().

CVE-2023-37140: SEGV (/root/ChakraCore-latest/out/Release/ch+0x8bcaaf) in Js::DiagScopeVariablesWalker::GetChildrenCount() · Issue #6885 · chakra-core/ChakraCore

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount().

CVE-2023-37139: dynamic-stack-buffer-overflow in release build · Issue #6884 · chakra-core/ChakraCore

ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the function Js::ScopeSlots::IsDebuggerScopeSlotArray().

CVE-2023-2913: ThinManager® ThinServer™ Path Traversal Vulnerability

An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server’s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables.

CVE-2023-30383: Download for Archer C2 | TP-Link

TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data.

CVE-2023-30153: [CVE-2023-30153] Improper neutralization of a SQL parameter in the Payplug (payplug) module for PrestaShop

An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller.

CVE-2023-37480: Merge pull request from GHSA-g95c-2jgm-hqc6 · ethyca/fides@5aea738

Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb file, resulting in resource exhaustion and service unavailability for all users of the Fides webserver. This vulnerability affects Fides versions `2.11.0` through `2.15.1`. Exploitation is limited to users with elevated privileges with the `CONNECTOR_TEMPLATE_REGISTER` scope, which includes root users and users with the owner role. The vulnerability has been patched in Fides version `2.16.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There is no known workaround to remediate this vulnerability without upgrading. If an attack occurs, the impact can be mitigated by manually or automatically restarting the affected container.