| 761 | 8.8 | HIGH Adjacent | tianocore | edk2 | EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized acces… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2023-45230 | 2024-10-23 01:35 | 2024-01-17 |
| 762 | 6.7 | MEDIUM Local | linuxfoundation google | yocto android | In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not nee… | CWE-787 Out-of-bounds Write | CVE-2023-20805 | 2024-10-23 01:35 | 2023-08-7 |
| 763 | 6.7 | MEDIUM Local | linuxfoundation google | yocto android | In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not nee… | CWE-787 Out-of-bounds Write | CVE-2023-20804 | 2024-10-23 01:35 | 2023-08-7 |
| 764 | 6.5 | MEDIUM Local | linuxfoundation google | yocto android | In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed… | CWE-787 Out-of-bounds Write | CVE-2023-20803 | 2024-10-23 01:35 | 2023-08-7 |
| 765 | 8.8 | HIGH Network | mozilla debian | firefox debian_linux | A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, a… | NVD-CWE-noinfo | CVE-2023-4047 | 2024-10-23 01:35 | 2023-08-2 |
| 766 | 5.3 | MEDIUM Network | mozilla debian | firefox debian_linux | In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process… | NVD-CWE-noinfo | CVE-2023-4046 | 2024-10-23 01:35 | 2023-08-2 |
| 767 | 5.3 | MEDIUM Network | apache | inlong | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.5… | CWE-89 SQL Injection | CVE-2023-30465 | 2024-10-23 01:35 | 2023-04-12 |
| 768 | 9.8 | CRITICAL Network | apache | linkis | In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserializ… | CWE-502 Deserialization of Untrusted Data | CVE-2023-29216 | 2024-10-23 01:35 | 2023-04-10 |
| 769 | 9.8 | CRITICAL Network | apache | linkis | In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious MySQL JDBC parameters in JDBC EngineConn Module will trigger a deserialization vulne… | CWE-502 Deserialization of Untrusted Data | CVE-2023-29215 | 2024-10-23 01:35 | 2023-04-10 |
| 770 | 9.8 | CRITICAL Network | apache | linkis | In Apache Linkis <=1.3.1, because the Manager module engineConn material upload does not check the zip path, there is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recomme… | CWE-22 Path Traversal | CVE-2023-27603 | 2024-10-23 01:35 | 2023-04-10 |