Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-36435: Microsoft QUIC Denial of Service Vulnerability

**Where can I find more information?** Please see the GitHub Advisory relating to this vulnerability here: https://github.com/microsoft/msquic/security/advisories/GHSA-fr44-546p-7xcp#event-111622

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#dos#git#Microsoft QUIC#Security Vulnerability
CVE-2023-36697: Microsoft Message Queuing Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or compromise a legitimate MSMQ server host and make it run as a malicious server.

CVE-2023-38171: Microsoft QUIC Denial of Service Vulnerability

**Where can I find more information?** Please see the GitHub Advisory relating to this vulnerability here: https://github.com/microsoft/msquic/security/advisories/GHSA-xh5m-8qqp-c5x7#event-111621

libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks

A new security flaw has been disclosed in the libcue library impacting GNOME Linux systems that could be exploited to achieve remote code execution (RCE) on affected hosts. Tracked as CVE-2023-43641 (CVSS score: 8.8), the issue is described as a case of memory corruption in libcue, a library designed for parsing cue sheet files. It impacts versions 2.2.1 and prior. libcue is incorporated into

CVE-2023-45208: D-Link DAP-X1860: Remote Command Injection

A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names containing single quotes (in the range of the repeater) can result in a denial of service.

CVE-2023-5467: class-gmw-single-location.php in geo-my-wp/tags/4.0.1/plugins/single-location/includes – WordPress Plugin Repository

The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-44826: GitHub - jacyyang52/chandaoxss

Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script.

CVE-2023-44959: CVE-2023-27216_D-Link_DSL-3782_Router_command_injection/CVE-2023-27216_D-Link_DSL-3782_Router_command_injection.md at master · FzBacon/CVE-2023-27216_D-Link_DSL-3782_Router_command_injection

An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page.

CVE-2023-42189: [BUG] KeySetRemove Command returns SUCCESS status code when GroupKeySetID 0 is being removed · Issue #28518 · project-chip/connectedhomeip

Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.

CVE-2020-18336: Typora(v0.9.65) XSS when exporting to PDF · Issue #2232 · typora/typora-issues

Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function.