Security News

Security news from: cvedetails.com

  • 25 September 2023 – CVE-2023-43644
    Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user auth …
  • 25 September 2023 – CVE-2023-43642
    snappy-java is a Java port of snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing …
  • 22 September 2023 – CVE-2023-43640
    TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attac …
  • 22 September 2023 – CVE-2023-43782
    Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary c …
  • 22 September 2023 – CVE-2023-43784
    ** DISPUTED ** Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat. …
  • 22 September 2023 – CVE-2023-43783
    Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary …
  • 22 September 2023 – CVE-2023-43770
    Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. (C …
  • 22 September 2023 – CVE-2023-43771
    In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets received on the control port could crash the program. (CVSS:5.5) (Last Update:2023-09-26 13:09:31)
  • 22 September 2023 – CVE-2023-43766
    Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server …
  • 22 September 2023 – CVE-2023-43762
    Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 1 of 2. This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15. (CVSS:9.8) (L …