Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-23082PUBLISHED: 2023-02-03A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.
CVE-2023-23615PUBLISHED: 2023-02-03
Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by ...
CVE-2022-24895PUBLISHED: 2023-02-03
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables s...
CVE-2023-22746PUBLISHED: 2023-02-03
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the `.env` fil...
CVE-2022-24894PUBLISHED: 2023-02-03
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response ...
User Rank: Ninja
6/21/2019 | 1:54:16 PM