2674 matches found

NVD
added 2023/11/14 9:15 p.m. · 17 views

CVE-2023-36007

Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability...

7.6 CVSS · 0.01069 EPSS
Exploits: 0 · References: 1
RedHat Linux
added 2023/11/14 3:46 p.m. · 3 views

kernel: sctp: check send stream number after wait_for_sndbuf

In the Linux kernel, the following vulnerability has been resolved: sctp: check send stream number after wait_for_sndbuf. This patch fixes a corner case where the asoc out stream count may change after wait_for_sndbuf. When the main thread in the client starts a connection, if its out stream count is...

5.5 CVSS · 6.8 AI score · 0.00137 EPSS
Exploits: 0 · References: 5
OSV
added 2023/11/13 8:34 p.m. · 3 views

CLSA-2023-1699907659 Fix CVE(s): CVE-2023-32360

SECURITY UPDATE: An unauthenticated user may be able to access recently printed documents. The config file /etc/cups/cupsd.conf should be edited manually in case the cups has been already installed in the system: the and sections should be changed according to the patch. -...

5.5 CVSS · 6.2 AI score · 0.00347 EPSS
Exploits: 0 · References: 1
RedHat Linux
added 2023/11/07 9:3 a.m. · 1 views

kernel: bpf: Skip task with pid=1 in send_signal_common()

In the Linux kernel, the following vulnerability has been resolved: bpf: Skip task with pid=1 in send_signal_common(). The following kernel panic can be triggered when a task with pid=1 attaches a prog that attempts to send killing signal to itself, also see [1] for more details: Kernel panic - not...

5.5 CVSS · 6.2 AI score · 0.00229 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2023/11/07 9:3 a.m. · 4 views

kernel: sctp: check send stream number after wait_for_sndbuf

In the Linux kernel, the following vulnerability has been resolved: sctp: check send stream number after wait_for_sndbuf. This patch fixes a corner case where the asoc out stream count may change after wait_for_sndbuf. When the main thread in the client starts a connection, if its out stream count is...

5.5 CVSS · 6.8 AI score · 0.00137 EPSS
Exploits: 0 · References: 5
Prion
added 2023/11/02 10:15 p.m. · 12 views

Information disclosure

An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token and send crafted messages...

5 CVSS · 7.2 AI score · 0.0062 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
SUSE CVE
added 2023/11/02 2:44 a.m. · 3 views

SUSE CVE-2023-39017

quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that...

9.8 CVSS · 8.8 AI score · 0.01017 EPSS
Exploits: 1 · References: 3
Vulnrichment
added 2023/11/02 12:0 a.m. · 15 views

CVE-2023-39050

An information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access token and send crafted messages...

6.7 AI score · 0.0062 EPSS
Exploits: 1 · References: 2
Openbugbounty
added 2023/11/01 8:3 p.m. · 1 views

send-personally.de Improper Access Control vulnerability OBB-3771389

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.9 AI score
Exploits: 0
Positive Technologies
added 2023/10/16 12:0 a.m. · 6 views

PT-2023-8457

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.5.9. Description: The issue is related to a NULL pointer dereference in the send acknowledge function in net/nfc/nci/spi.c. This could potentially allow an attacker to cause a denial of service. Recommendations: F...

9.1 CVSS · 7.1 AI score · 0.23582 EPSS
Exploits: 25 · References: 629
OSV
added 2023/10/11 4:15 p.m. · 2 views

CVE-2023-27380

An OS command injection vulnerability exists in the admin.cgi USSDsend functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

8.8 CVSS · 7.3 AI score · 0.05749 EPSS
Exploits: 1 · References: 2
CNNVD
added 2023/10/11 12:0 a.m. · 1 views

Peplink Surf SOHO HW1 Operating System Command Injection Vulnerability

Peplink Surf SOHO HW1 is a small router from Peplink. An OS command injection vulnerability exists in Peplink Surf SOHO HW1 v6.3.5, which stems from an OS command injection vulnerability in the admin.cgi USSDsend function. An attacker can exploit this vulnerability to execute commands via special...

8.8 CVSS · 7.9 AI score · 0.05749 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2023/10/11 12:0 a.m. · 2 views

PT-2023-21086 · Peplink · Peplink Surf Soho

Name of the Vulnerable Software and Affected Versions: peplink Surf SOHO HW1 version 6.3.5 Description: An OS command injection issue exists in the admin.cgi USSD send functionality. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request...

8.8 CVSS · 8.9 AI score · 0.05749 EPSS
Exploits: 1 · References: 3
Huntr
added 2023/10/07 5:2 p.m. · 19 views

CSRF in Send Reminder

Description: CSRF in Send Reminder. Proof of Concept: 1. Attacker sent form fake to victim history.pushState'', '', '/'; document.forms0.submit; 2. Victim click, execute send reminder unexpected. Video PoC: https://drive.google.com/file/d/1eibfxIbACA6DWObg2bjZjJBiqTPlwWd/view?usp=sharing...

6.8 CVSS · 7.1 AI score · 0.00265 EPSS
Exploits: 1
CNNVD
added 2023/10/02 12:0 a.m. · 4 views

Animal-art-lab Security Breach

animal-art-lab is an application. A security vulnerability exists in Animal-art-lab version v13.6.1, which stems from a vulnerability that allows an attacker to send a notification by revealing the access token of a channel...

5.4 CVSS · 6.8 AI score · 0.00212 EPSS
Exploits: 1 · References: 2
OSV
added 2023/09/28 11:6 a.m. · 4 views

OESA-2023-1702 dsoftbus security update

Security Fixes: Buffer Overflow vulnerability in coapsend function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu. CVE-2023-30362...

7.5 CVSS · 6.7 AI score · 0.00631 EPSS
Exploits: 1 · References: 2
OSV
added 2023/09/28 11:6 a.m. · 3 views

OESA-2023-1701 dsoftbus security update

Security Fixes: Buffer Overflow vulnerability in coapsend function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu. CVE-2023-30362...

7.5 CVSS · 6.7 AI score · 0.00631 EPSS
Exploits: 1 · References: 2
OSV
added 2023/09/22 11:6 a.m. · 2 views

OESA-2023-1680 mosquitto security update

Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...

7.5 CVSS · 6.7 AI score · 0.01107 EPSS
Exploits: 0 · References: 2
ATTACKERKB
added 2023/09/20 10:15 p.m. · 2 views

CVE-2023-39675

SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php...

9.8 CVSS · 5.8 AI score · 0.00785 EPSS
Exploits: 1 · References: 3
OSV
added 2023/09/20 9:15 p.m. · 6 views

CVE-2023-39677

MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php...

7.5 CVSS · 5.8 AI score · 0.30806 EPSS
Exploits: 1 · References: 3