Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-1183: Invalid Bug ID

A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.

CVE
Open in Source
CVE-2023-1119

The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin through 2.4 use a third-party library that removes the escaping on some HTML characters, leading to a Cross-Site Scripting vulnerability.

CVE
Open in Source
#xss#vulnerability#wordpress
CVE-2023-1902: HCI Connection Creation Dangling State Reference Re-use

The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.

CVE-2023-2635

The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE-2023-30449: IBM Db2 denial of service CVE-2023-30449 Vulnerability Report

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439.

CVE-2023-30448: IBM Db2 denial of service CVE-2023-30448 Vulnerability Report

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437.

CVE-2023-30447: IBM Db2 denial of service CVE-2023-30447 Vulnerability Report

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436.

CVE-2023-30446: IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361 .

CVE-2023-3566: Vulnerability/WALLABAG/NAME-LIMIT.md at main · ctflearner/Vulnerability

A vulnerability was found in wallabag 2.5.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /config of the component Profile Config. The manipulation of the argument Name leads to allocation of resources. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233359. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-3565: Stored XSS via Default session expiration time in teampass

Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10.