CVE-2023-30941

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

CVE-2023-30917

In DMService, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

CVE-2023-29406

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

squidex 安全漏洞

squidex is a Headless CMS and Content Management Center. A security vulnerability exists in squidex versions prior to 7.4.0 that stems from improper handling of additional special elements...

[SECURITY] Fedora 38 Update: yt-dlp-2023.07.06-1.fc38

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

DRUPAL-CONTRIB-2023-023

This module enables you to define configurable GDPR alert messages. The module doesn't sufficiently filter user-supplied text leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker needs additional permissions. The vulnerability can be...

MagicAI 1.55R Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Design/Logic Flaw

endpattern called from internalfnmatch in the GNU C Library aka glibc or libc6 before 2.22 might allow context-dependent attackers to cause a denial of service application crash, as demonstrated by use of the fnmatch library function with the ! pattern. NOTE: this is not the same as CVE-2015-8984...

CVE-2023-32363

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences...

CVE-2023-32363

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences...

Design/Logic Flaw

The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, macOS Ventura 13.4. A sandboxed app may be able to observe system-wide network connections...

CVE-2023-27940

CVE-2023-27940 affects Apple platforms (iOS 15.7.6 and iPadOS 15.7.6; macOS Monterey 12.6.6; macOS Ventura 13.4). The issue is due to insufficient permissions checks in a kernel component, allowing a sandboxed app to observe system-wide network connections. Apple’s bulletin states the vulnerabili...

CVE-2023-21143

In multiple functions of multiple files, there is a possible way to make the device unusable due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

Design/Logic Flaw

In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2023-32115

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system...

CVE-2023-1917 PowerPress <= 10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

Design/Logic Flaw

In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges...

CVE-2022-48445

In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges...

macOS 13.x < 13.4 Multiple Vulnerabilities (HT213758)

The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.4. It is, therefore, affected by multiple vulnerabilities: - In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user- provided environment variables SUDOEDITOR, VISUAL, and...

macOS 12.x < 12.6.6 Multiple Vulnerabilities (HT213759)

The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.6.6. It is, therefore, affected by multiple vulnerabilities: - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 a...