CVE-2023-39599 (csz_cms)
Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.
webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability. Continue reading CVE-2023-39141 (webui-aria2)
An Improper Privilege Management vulnerability found in ASUSTOR Data Master (ADM) allows an unprivileged local user to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM… Continue reading CVE-2023-3699 (data_master)
An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command. Continue reading CVE-2023-38996 (dsgate)
Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt. Continue reading CVE-2023-38666 (bento4)
Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service. Continue reading CVE-2023-38667 (netwide_assembler)
Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash). Continue reading CVE-2023-38668 (netwide_assembler)
Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash). Continue reading CVE-2023-38665 (netwide_assembler)
IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289. Continue reading CVE-2023-38732 (robotic_process_automation, robotic_process_automation_for_cloud_pak)
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestra… Continue reading CVE-2023-37432 (edgeconnect_sd-wan_orchestrator)