Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-42183: A Post-Unicode Normalization Vulnerability

lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick.

CVE
Open in Source
#vulnerability
CVE-2023-36878

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2023-40954: OdZoo/exploits/web_progress at main · luvsn/OdZoo

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component.

CVE-2023-48050: OdZoo/exploits/odoo-biometric-attendance at main · luvsn/OdZoo

SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component.

CVE-2023-6831

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

CVE-2023-6832

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

CVE-2023-48049: OdZoo/exploits/website_search_blog at main · luvsn/OdZoo

A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component.

CVE-2023-4489

The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access.

CVE-2023-6134

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.

CVE-2023-6707: Stable Channel Update for Desktop

Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)