Tag

#git

CVE-2023-36621: Stored XSS & Privilege Escalation in Boomerang Parental Control App

An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing.

CVE-2023-31102: 7-Zip / Discussion / Open Discussion: 7-Zip 23.00

7-Zip through 22.01 on Linux allows an integer underflow and code execution via a crafted 7Z archive.

CVE-2023-46954: GitHub - jakedmurphy1/CVE-2023-46954

SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter.

CVE-2017-7252: Security Advisories — Botan

bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.

GHSA-xr8c-mq5x-5f56: Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a JSON Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT.

CVE-2023-42299: heap-buffer-overflow in file src/gif.imageio/gifinput.cpp, line 368 · Issue #3840 · AcademySoftwareFoundation/OpenImageIO

Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function.

CVE-2023-39057: CVE-reports/CVE-2023-39057.md at main · syz913/CVE-reports

An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

CVE-2023-39054: CVE-reports/CVE-2023-39054.md at main · syz913/CVE-reports

An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

CVE-2023-39051: CVE-reports/CVE-2023-39051.md at main · syz913/CVE-reports

An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

CVE-2023-39042: CVE-reports/CVE-2023-39042.md at main · syz913/CVE-reports

An information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token and send crafted messages.