Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-36867

Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability

CVE
Open in Source
#vulnerability#git#rce
CVE-2023-36871

Azure Active Directory Security Feature Bypass Vulnerability

CVE-2023-36868

Azure Service Fabric on Windows Information Disclosure Vulnerability

CVE-2023-3626: cve/2.md at main · MoeMion233/cve

A vulnerability, which was classified as critical, has been found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. This issue affects some unknown processing of the file /Duty/AjaxHandle/UpLoadFloodPlanFile.ashx of the component UpLoadFloodPlanFile. The manipulation of the argument Filedata leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233579. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-3625: cve/1.md at main · MoeMion233/cve

A vulnerability classified as critical was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. This vulnerability affects unknown code of the file /Duty/AjaxHandle/Write/UploadFile.ashx of the component Duty Write-UploadFile. The manipulation of the argument Filedata leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-233578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-35374

Paint 3D Remote Code Execution Vulnerability

CVE-2023-35373

Mono Authenticode Validation Spoofing Vulnerability

CVE-2023-3354: Invalid Bug ID

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.

CVE-2023-36824: Heap overflow in COMMAND GETKEYS and ACL evaluation

Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.

CVE-2023-3627: SuiteCRM 8.3.1 Release · salesagility/SuiteCRM-Core@7828570

Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1.