Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-5370

On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0.

CVE
Open in Source
#js#git#amd
CVE-2023-5369

Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability. This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.

CVE-2023-5368

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).

CVE-2023-33271: CVE-Disclosures/CVE-2023-33271.md at main · l4rRyxz/CVE-Disclosures

An issue was discovered in DTS Monitoring 3.57.0. The parameter common_name within the SSL Certificate check function is vulnerable to OS command injection (blind).

CVE-2023-33270: CVE-Disclosures/CVE-2023-33270.md at main · l4rRyxz/CVE-Disclosures

An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection (blind).

CVE-2023-33268: CVE-Disclosures/CVE-2023-33268.md at main · l4rRyxz/CVE-Disclosures

An issue was discovered in DTS Monitoring 3.57.0. The parameter port within the SSL Certificate check function is vulnerable to OS command injection (blind).

CVE-2023-33269: CVE-Disclosures/CVE-2023-33269.md at main · l4rRyxz/CVE-Disclosures

An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind).

CVE-2023-44974: emlog/Plugin-getshell.md at main · yangliukk/emlog

An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

CVE-2023-44973: emlog/Template-getshell.md at main · yangliukk/emlog

An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

CVE-2023-43953: Security-Advisories/CVE-2023-43953 at main · M19O/Security-Advisories

SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component.