Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-43198: bug_submit/D-Link/DI-7200GV2/bug5.md at main · Archerber/bug_submit

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function.

CVE
Open in Source
#vulnerability#git
CVE-2023-43199: bug_submit/D-Link/DI-7200GV2/bug6.md at main · Archerber/bug_submit

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function.

CVE-2023-43200: bug_submit/D-Link/DI-7200GV2/bug3.md at main · Archerber/bug_submit

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function.

CVE-2023-43197: bug_submit/D-Link/DI-7200GV2/bug1.md at main · Archerber/bug_submit

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function.

CVE-2023-43196: bug_submit/D-Link/DI-7200GV2/bug4.md at main · Archerber/bug_submit

D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function.

CVE-2023-43203: bug_submit/D-Link/DWL-6610/bug1.md at main · Archerber/bug_submit

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users.

CVE-2022-1438: Invalid Bug ID

A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.

CVE-2019-19450: reportlab-mirror/CHANGES.md at master · MrBitBucket/reportlab-mirror

paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.

CVE-2023-3341: CVE-2023-3341

The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.

CVE-2023-0829: Cross Site Scripting Xss Vulnerability Plesk | INCIBE-CERT

Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription.