37 matches found
USN-8080-1: YARA vulnerabilities
Kamil Frankowicz discovered that a number of YARA's functions generated memory exceptions when processing specially crafted rules or files. A remote attacker could possibly use these issues to cause YARA to crash, resulting in a denial of service. These issues only affected Ubuntu 16.04 LTS...
EUVD-2018-5923
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-5923
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule tha...
CVE-2025-5923
The Game Review Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 4.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
WordPress Game Review Block plugin <= 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Game Review Block versions <= 4.8.1...
CVE-2025-5923
The Game Review Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 4.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-5923
The WordPress plugin Game Review Block (versions up to and including 4.8.1) is affected by a Stored Cross-Site Scripting (Stored XSS) vulnerability in the className parameter due to insufficient input sanitization and output escaping. Exploitation requires Contributor-level access or higher, and ...
CVE-2025-5923 Game Review Block <= 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter
The Game Review Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 4.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2023-5923
A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The...
CVE-2020-5923
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses...
CVE-2016-11044
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (with Fingerprint support) software. The check of an application's signature can be bypassed during installation. The Samsung ID is SVE-2016-5923 (June 2016)...
Debian dsa-5923 : net-tools - security update
The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5923 advisory. - Debian Security Advisory DSA-5923-2 https://www.debian.org/security/...
CVE-2023-5923
A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The...
CVE-2023-5923
CVE-2023-5923 — Campcodes Simple Student Information System 1.0 is affected by a SQL injection in an unknown part of /admin/index.php, triggered by manipulating the id parameter. The vuln is described as critical and is accompanied by public disclosure of exploits. The available connected sources...
CVE-2023-5923 Campcodes Simple Student Information System index.php sql injection
A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : LibTIFF vulnerabilities (USN-5923-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5923-1 advisory. It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with...
SUSE CVE-2017-5923
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function...
K05975972: BIG-IP self IP vulnerability CVE-2020-5923
Security Advisory Description: Self-IP port-lockdown bypass by way of IPv6 link-local addresses. (CVE-2020-5923) Impact: Port lockdowns may be bypassable on accessible self IP addresses on an IPv6 link-local address. Security Advisory Status: F5 Product Development has assigned ID 832885 BIG-IP and ID...
Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2020-5923)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-5923 advisory. - powercap: restrict energy meter to root access Kanth Ghatraju Orabug: 32040805 CVE-2020-8694 CVE-2020-8695 - hdlcppp: add range checks in pppcpparsec...
CVE-2020-5923
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses...