Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-36947: bug_submit/TOTOLINK/UploadCustomModule.md at main · Archerber/bug_submit

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.

CVE
#vulnerability#git
CVE-2023-36340: bug_submit/TOTOLINK/TOTOLINK-NR1800X.md at main · Archerber/bug_submit

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.

CVE-2023-36952: bug_submit/TOTOLINK/CP300+_1.md at main · Archerber/bug_submit

TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg.

Binance's Smart Chain Exploited in New 'EtherHiding' Malware Campaign

Threat actors have been observed serving malicious code by utilizing Binance's Smart Chain (BSC) contracts in what has been described as the "next level of bulletproof hosting." The campaign, detected two months ago, has been codenamed EtherHiding by Guardio Labs. The novel twist marks the latest iteration in an ongoing campaign that leverages compromised WordPress sites to serve unsuspecting

GHSA-mr6h-7x2m-rgmq: SQL injection in librenms/librenms

SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.

CVE-2023-40791: LKML: Yikebaer Aizezi: WARNING in try_grab_page

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.2 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.

CVE-2023-40790: LKML: Sean Christopherson: Re: WARNING in kvm_arch_vcpu_ioctl_run

** DISPUTED ** An issue was discovered in the Linux kernel through 6.5.7. kvm_arch_vcpu_ioctl_run in arch/x86/kvm/x86.c allows a WARN_ON_ONCE if userspace stuffs a nonsensical vCPU state.

CVE-2023-5591: Fix MAC search sql injection (#15402) · librenms/librenms@908aef6

SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.

CVE-2023-5590: [IEDriver] Fix potential null pointer access in CookieManager · SeleniumHQ/selenium@023a0d5

NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.

CVE-2023-5588: Merge develop 2023-08-08 by kphrx · Pull Request #197 · kphrx/pleroma

A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high. The exploitability is told to be difficult. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 2c795094535537a8607cc0d3b7f076a609636f40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-242187.