Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-40802: Vulnerability/Tenda/AC23/get_parentControl_list_Info at main · lst-oss/Vulnerability

The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn

CVE
Open in Source
#vulnerability#git#auth
CVE-2023-40800: Vulnerability/Tenda/AC23/compare_parentcontrol_time at main · lst-oss/Vulnerability

The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn.

CVE-2023-40801: Vulnerability/Tenda/AC23/sub_451784 at main · lst-oss/Vulnerability

The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn

CVE-2023-39742: Notify CVE about a publication

giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.

Learn How Your Business Data Can Amplify Your AI/ML Threat Detection Capabilities

In today's digital landscape, your business data is more than just numbers—it's a powerhouse. Imagine leveraging this data not only for profit but also for enhanced AI and Machine Learning (ML) threat detection. For companies like Comcast, this isn't a dream. It's reality. Your business comprehends its risks, vulnerabilities, and the unique environment in which it operates. No generic,

CVE-2023-41173: AdGuard DNS — ad-blocking DNS server

AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets.

CVE-2023-40217: Mailman 3 [CVE-2023-40217] Bypass TLS handshake on closed sockets - Security-announce

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)

CVE-2023-40182: The server responds in a noticeably different amount of time depending if a given email address exists or not

Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending of whether the specified email address presents in our database or not. This has been fixed in version 1.3.7.

CVE-2023-38974: uasoft-indonesia--badaso/XSS4.md at main · anh91/uasoft-indonesia--badaso

A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.

CVE-2023-38973: uasoft-indonesia--badaso/xss5.md at main · anh91/uasoft-indonesia--badaso

A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.