Tag

#mac

CVE-2023-34231: Snowflake Golang Driver Security Advisory

gosnowflake is the Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on (SSO) browser URL authentication. To exploit the potential for command injection, an attacker would need to succeed in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user's local machine would render the malicious payload, leading to remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. A patch is available in version 1.6.19.

CVE-2023-34958: Security issues - Chamilo LMS

Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.

CVE-2023-34959: Security issues - Chamilo LMS

An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.

CVE-2023-34961: Security issues - Chamilo LMS

Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.

CVE-2023-34570: Tenda AC10 v4 was discovered stack overflow via parameter devName at url /goform/SetOnlineDevName - HackMD

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName.

CVE-2023-34569: Tenda AC10 v4 was discovered stack overflow via parameter list at url /goform/SetNetControlList - HackMD

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.

CVE-2023-34567: Tenda AC10 v4 was discovered stack overflow via parameter list at url /goform/SetVirtualServerCfg - HackMD

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.

CVE-2023-34571: Tenda AC10 v4 was discovered stack overflow via parameter shareSpeed at url /goform/WifiGuestSet - HackMD

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet.

CVE-2023-34568: Tenda AC10 v4 was discovered stack overflow via parameter time at url /goform/PowerSaveSet - HackMD

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.

RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution

RenderDoc versions 1.26 and below suffer from integer underflow, integer overflow, and symlink vulnerabilities.