Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-39530: Merge remote-tracking branch 'ghsa-v4gr-v679-42p7/advisory-fix-1' int… · PrestaShop/PrestaShop@6ce750b

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

CVE
Open in Source
#vulnerability#web#git
CVE-2023-39529: Merge remote-tracking branch 'ghsa-2rf5-3fw8-qm47/advisory-fix-3' int… · PrestaShop/PrestaShop@b08c647

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

CVE-2023-39520: Release 1.9.3 (Windows Only) · cryptomator/cryptomator

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a `-NoProfile` to the powershell is a possible workaround.

CVE-2023-4201: Inventory-Management-System/SQL Injection in ex_catagory_data.php/vuln.md at main · Yesec/Inventory-Management-System

A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file ex_catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236291.

CVE-2023-39524: Merge remote-tracking branch 'ghsa-75p5-jwx4-qw9h/fix-advisory-1' int… · PrestaShop/PrestaShop@2047d4c

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

CVE-2023-38930: IoT-Vulns/tenda/addWifiMacFilter/README.md at main · FirmRec/IoT-Vulns

Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.

CVE-2023-38931: IoT-Vulns/tenda/cloudv2_setaccount/README.md at main · FirmRec/IoT-Vulns

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.

CVE-2023-36499: IoT-Vulns/netgear/nvram_ssid/README.md at main · FirmRec/IoT-Vulns

Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi.

CVE-2023-38922: IoT-Vulns/netgear/http_passwd_auth/README.md at main · FirmRec/IoT-Vulns

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function.

CVE-2023-38924: IoT-Vulns/netgear/http_password_create_smb_cfg/README.md at main · FirmRec/IoT-Vulns

Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi.