|
151
|
6.1
-
|
MEDIUM
Network
|
The course upload preview contained an XSS risk for users uploading unsafe data.
|
CWE-79
Cross-site Scripting
|
CVE-2023-5547
|
cpe:2.3:o:redhat:enterprise_linux:7.0:*
|
|
|
|
|
2024-11-21 17:41
2023-11-10
|
|
|
|
|
152
|
5.4
-
|
MEDIUM
Network
|
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
|
CWE-79
Cross-site Scripting
|
CVE-2023-5546
|
cpe:2.3:o:redhat:enterprise_linux:7.0:*
|
|
|
|
|
2024-11-21 17:41
2023-11-10
|
|
|
|
|
153
|
5.4
-
|
MEDIUM
Network
|
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
|
CWE-79 CWE-639
Cross-site Scripting Authorization Bypass Through User-Controlled Key
|
CVE-2023-5544
|
cpe:2.3:o:redhat:enterprise_linux:7.0:*
|
|
|
|
|
2024-11-21 17:41
2023-11-10
|
|
|
|
|
154
|
6.4
-
|
MEDIUM
Local
|
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the …
|
CWE-416
Use After Free
|
CVE-2023-39198
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 17:14
2023-11-10
|
|
|
|
|
155
|
3.8
-
|
LOW
Physical
|
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to t…
|
CWE-125
Out-of-bounds Read
|
CVE-2023-4535
|
cpe:2.3:o:redhat:enterprise_linux:9.0:*
|
|
|
|
|
2024-11-21 17:35
2023-11-7
|
|
|
|
|
156
|
6.4
-
|
MEDIUM
Physical
|
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2023-40661
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 17:19
2023-11-7
|
|
|
|
|
157
|
6.6
-
|
MEDIUM
Physical
|
A flaw was found in OpenSC packages that allows a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2023-40660
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-23 13:15
2023-11-7
|
|
|
|
|
158
|
5.5
-
|
MEDIUM
Local
|
A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service …
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2023-5090
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 17:41
2023-11-6
|
|
|
|
|
159
|
6.5
-
|
MEDIUM
Network
|
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be bloc…
|
NVD-CWE-noinfo
|
CVE-2023-42669
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 17:22
2023-11-6
|
|
|
|
|
160
|
7.0
-
|
HIGH
Local
|
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, fo…
|
CWE-662
Improper Synchronization
|
CVE-2023-5088
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux…
|
|
|
|
|
2024-11-21 17:41
2023-11-3
|
|
|
|