CVE-2023-27931

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.3, tvOS 16.4, watchOS 9.4. An app may be able to access user-sensitive data...

Code injection

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.3, tvOS 16.4, watchOS 9.4. An app may be able to access user-sensitive data...

CVE-2023-27931

CVE-2023-27931 affects Apple OS family components where an app may access user-sensitive data. The issue was mitigated by removing the vulnerable code and is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, macOS Big Sur 11.7.3, iOS 16.4, iPadOS 16.4, tvOS 16.4, and watchOS 9.4. Connected sour...

Linux Kernel 6.2 - Userspace Processes To Enable Mitigation Exploit

Exploit Title: Linux Kernel 6.2 - Userspace Processes To Enable Mitigation Exploit Author: nu11secur1ty CVE ID: CVE-2023-1998 Description Summary The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as...

Linux Kernel 6.2 - Userspace Processes To Enable Mitigation

Exploit Title: Linux Kernel 6.2 - Userspace Processes To Enable Mitigation Exploit Author: nu11secur1ty CVE ID: CVE-2023-1998 Description Summary The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as...

ETHCrowdfundBase#_calculateRefundAmount can return too many funds to users and brick refunds

Lines of code Vulnerability details Impact Malicious user can honeypot and grief users causing loss of funds Proof of Concept ETHCrowdfundBase.solL227-L230 if fundingSplitRecipient != address0 && fundingSplitBps 0 uint96 feeAmount = amount fundingSplitBps / 1e4; amount -= feeAmount; When a user...

Auto Dealer Management System 1.0 - Broken Access Control Exploit

Exploit Title: Auto Dealer Management System 1.0 - Broken Access Control Exploit It leads to compromise of all application accounts by accessing the ?page=user/list with low privileged user account Date: 18 February 2023 CVE Assigned: CVE-2023-0916 mitre.org nvd.nist.org Author: Muhammad Navaid...

CVE-2023-1579

Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfdgetl64...

WordPress WooCommerce 7.1.0 Remote Code Execution

Title: Wordpress Plugin WooCommerce v7.1.0 - Remote Code ExecutionRCE Date: 2022-12-07 Author: Milad Karimi Vendor Homepage: https://wordpress.org/plugins/woocommerce Software Link: https://wordpress.org/plugins/woocommerce Tested on: windows 10 , firefox Version: 7.1.0 CVE : N/A Description:...

GHSA-2G5W-29Q9-W6HX mindsdb arbitrary file write when extracting a remotely retrieved Tarball

Summary An unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the vulnerability is called a TarSlip or a ZipSlip variant. Details I commented the following...

An attacker can front-run setMaxPayout() and freeze deposit() and the whole protocol from progressing in epochs.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. When the owner calls setMaxPayout to decrease maxPayout to newMaxPayout, an attacker can front-run it and deposit so that termsepoch.payoutTotal newMaxPayout. This will freeze deposit and the whole...

ZwiiCMS 12.2.04 Remote Code Execution

Exploit Title: ZwiiCMS 12.2.04 Remote Code Execution Authenticated Date: 03/06/2023 Exploit Author: Hadi Mene Vendor Homepage: https://zwiicms.fr/ Version: 12.2.04 and potentially lower versions CVE: CVE-2020-10567 Category: webapps ZwiiCMS 12.2.04 uses "Responible FileManager" 9.14.0 for its fil...

CVE-2023-23502

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to determine kernel memory layout...

Information disclosure

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to determine kernel memory layout...

CVE-2023-23502

CVE-2023-23502 is an information-disclosure flaw that Apple fixed by removing the vulnerable code. The cited advisories state the issue could allow an app to determine kernel memory layout. Affected platforms include macOS (Monterey 12.6.3, Ventura 13.2) and iOS/iPadOS (16.3), as well as tvOS/wat...

K29154575: ImageMagick vulnerability CVE-2016-3717

Security Advisory Description The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. CVE-2016-3717 Note : This vulnerability is one of the series of vulnerabilities known as ImageTragick. Impact Exploiting this...

CVE-2023-25139

sprintf in the GNU C Library glibc 2.37 has a buffer overflow out-of-bounds write in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a...

Open Redirect Vulnerability in Action Pack

There is a vulnerability in Action Controller’s redirectto. This vulnerability has been assigned the CVE identifier CVE-2023-22797. Versions Affected: = 7.0.0 Not affected: 7.0.0 Fixed Versions: 7.0.4.1 Impact There is a possible open redirect when using the redirectto helper with untrusted user...

Suspicious login app ships old league/flysystem version

None...

CVE-2023-0051

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144...