CVE-2023-40054

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226.

CVE-2023-6039: cve-details

A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.

CVE-2023-47364: CVE-reports/nagaoka taxi.md at main · syz913/CVE-reports

The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send malicious notifications to victims.

CVE-2023-47363: CVE-reports/F.B.P members.md at main · syz913/CVE-reports

The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims.

CVE-2023-4612: Vulnerability in Apereo CAS software

Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7. It is unknown whether the issue will be fixed in new versions. As of the date of publication there is no patch, and the vendor does not treat it as a vulnerability.

CVE-2023-47365: CVE-reports/Lil.OFF-PRICE STORE.md at main · syz913/CVE-reports

The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims.

CVE-2023-47367: CVE-reports/platinum clinic.md at main · syz913/CVE-reports

The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to send malicious notifications to victims.

CVE-2023-47369: CVE-reports/best_training_member.md at main · syz913/CVE-reports

The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers to send malicious notifications.

CVE-2023-47366: CVE-reports/craft_members.md at main · syz913/CVE-reports

The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send malicious notifications to victims.

CVE-2023-6052

A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. Affected is an unknown function of the file general/system/censor_words/module/delete.php. The manipulation of the argument DELETE_STR leads to SQL injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244872. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.