Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-38685: SECURITY: Hide restricted tags in noscript view · discourse/discourse@0736611

Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches.

CVE
Open in Source
#sql#auth
CVE-2023-37906: DoS via post edit reason

Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability.

CVE-2023-3488

Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file.

CVE-2023-37904: SECURITY: Handle concurrent invite accepts · discourse/discourse@62a609e

Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites.

CVE-2023-39022: My-CVE-Public-References/opensymphony_oscore at main · LetianYuan/My-CVE-Public-References

oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument.

CVE-2023-39017: There's a code injection vulnerability of `org.quartz.jobs.ee.jms.SendQueueMessageJob.execute` · Issue #943 · quartz-scheduler/quartz

quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument.

CVE-2023-39018: There's a code injection vulnerability of `net.bramp.ffmpeg.FFmpeg.<constructor>` · Issue #291 · bramp/ffmpeg-cli-wrapper

FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument.

CVE-2023-39016: There's a code injection vulnerability of `com.frameworkset.common.poolman.util.SQLManager.createPool` · Issue #I7MH08 · bboss/bboss - Gitee

bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument.

CVE-2023-39023: My-CVE-Public-References/org_compass-project_compass at main · LetianYuan/My-CVE-Public-References

university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument.

CVE-2023-39013: There's a code injection vulnerability of `no.priv.garshol.duke.server.CommonJTimer.init` · Issue #273 · larsga/Duke

Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init.