Security Vulnerabilities - Released 29 October 2023
- Daily New Vulnerabilities List
Proxmox CVE:
CVE-2023-46854
Type: Cross-Site Scripting (XSS)
Description: Proxmox proxmox-widget-toolkit before 4.0.9, used in multiple Proxmox products, allows XSS via the edit notes feature.
SourceCodester CVE:
CVE-2023-5836
Type: SQL Injection
Description: Critical vulnerability in SourceCodester Task Reminder System 1.0. Manipulation of the argument 'id' leads to SQL injection.
AlexanderLivanov CVE:
CVE-2023-5837
Type: Cross-Site Scripting (XSS)
Description: Vulnerability in AlexanderLivanov FotosCMS2 up to 2.4.3. Manipulation of the argument 'username' leads to cross-site scripting.
iSulad CVEs:
CVE-2021-33636
Type: Arbitrary Code Execution
Description: When a malicious image is loaded with the 'isula load' command, the attacker who supplied the image can execute arbitrary code.
CVE-2021-33637
Type: Container Escape
Description: When the 'isula export' command is used to export a container that an attacker controls, the attacker can escape the container.
CVE-2021-33635
Type: Arbitrary Code Execution
Description: When a malicious image is pulled with the 'isula pull' command, the attacker who supplied the image can execute arbitrary code.
CVE-2021-33638
Type: Container Escape
Description: When the 'isula cp' command is used on a container that an attacker controls, the attacker can escape the container.
CVE-2021-33634
Type: Denial of Service (DoS)
Description: When iSulad runs a malicious image with its default lcr+lxc runtime, the result is a denial of service.
WordPress CVEs:
CVE-2005-10002
Type: Path Traversal
Description: Critical vulnerability in almosteffortless secure-files Plugin up to 1.1 on WordPress. Manipulation of the argument 'downloadfile' leads to path traversal.
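The secure-files entry describes a download parameter that is not confined to its intended directory. The following is an added example, not the plugin's code: a helper that resolves a requested 'downloadfile' value against a fixed download directory and refuses anything that escapes it, including '../' sequences, absolute paths and symlinks that point outside. The directory layout it builds is constructed in a temporary directory purely for the demonstration; the function and file names are assumptions of this example.

```python
"""Confining a user-supplied download path to one directory.

Added example (not the plugin's code). Shows the check whose absence the
secure-files entry describes: the request parameter must not be able to
select files outside the download directory.
"""
import os
import tempfile
from pathlib import Path
from typing import Optional


def resolve_download(base_dir, requested: str) -> Optional[Path]:
    """Return the real path of `requested` inside `base_dir`, or None if it
    escapes the directory or is not a regular file.

    `requested` is assumed to be the already URL-decoded parameter value.
    """
    base = Path(base_dir).resolve()

    # Absolute paths bypass the base directory entirely; refuse them up front.
    if os.path.isabs(requested):
        return None

    try:
        # resolve() normalises '..' and follows symlinks, so a link inside the
        # directory that points outside it is caught by the containment check.
        candidate = (base / requested).resolve()
    except (OSError, ValueError):
        # e.g. an embedded NUL byte or an unreadable path component
        return None

    # Containment check: the resolved target must be base itself or below it.
    if candidate != base and base not in candidate.parents:
        return None

    if not candidate.is_file():
        return None
    return candidate


def demo() -> dict:
    """Build a constructed layout and exercise the check.

    Returns a dict of named checks, each True when the helper behaved
    correctly for that case.
    """
    root = Path(tempfile.mkdtemp())
    public = root / "public"          # the intended download directory
    public.mkdir()
    (public / "report.pdf").write_bytes(b"%PDF-1.4 constructed sample\n")
    (root / "secret.txt").write_text("outside the download directory\n")

    # A symlink inside the directory pointing outside it (skipped if the
    # platform refuses to create symlinks).
    try:
        (public / "link").symlink_to(root / "secret.txt")
        have_link = True
    except OSError:
        have_link = False

    return {
        "plain_file_allowed": resolve_download(public, "report.pdf") is not None,
        "dotdot_refused": resolve_download(public, "../secret.txt") is None,
        "absolute_refused": resolve_download(public, str(root / "secret.txt")) is None,
        "symlink_refused": (not have_link) or resolve_download(public, "link") is None,
        "missing_refused": resolve_download(public, "nope.pdf") is None,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The containment test is done on the fully resolved path rather than on the string, so encoded or doubled separators that survive decoding, and symlinks created inside the directory, are all handled by one check. Allow-listing file names is stricter still and preferable where the set of downloadable files is known.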
CVE-2007-10003
Type: SQL Injection
Description: Critical vulnerability in The Hackers Diet Plugin up to 0.9.6b on WordPress. Manipulation of the argument 'user' leads to SQL injection.
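Both SQL injection entries above (the 'id' argument in Task Reminder System, CVE-2023-5836, and the 'user' argument in The Hackers Diet, CVE-2007-10003) share one bug class: a request parameter spliced into the SQL text. The example below is added here and is not code from either product; it uses SQLite with a constructed table to show a numeric and a string parameter each built the vulnerable way and the parameterised way, and what an injection payload does to each. Table, column and function names are assumptions of this example.

```python
"""String-built versus parameterised SQL for a numeric and a string parameter.

Added example, not code from the products listed above. The table is
constructed here so the block runs offline.
"""
import sqlite3
from typing import List


def make_db() -> sqlite3.Connection:
    """Constructed sample data: three users' private notes."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE reminders (id INTEGER PRIMARY KEY, owner TEXT, note TEXT)"
    )
    con.executemany(
        "INSERT INTO reminders VALUES (?, ?, ?)",
        [(1, "alice", "alice-private"),
         (2, "bob", "bob-private"),
         (3, "carol", "carol-private")],
    )
    return con


# --- numeric parameter ('id') -------------------------------------------

def fetch_by_id_vulnerable(con: sqlite3.Connection, id_param: str) -> List[str]:
    # The bug: the parameter becomes part of the SQL text, so it can add
    # conditions of its own.
    sql = f"SELECT note FROM reminders WHERE id = {id_param} ORDER BY id"
    return [row[0] for row in con.execute(sql)]


def fetch_by_id_fixed(con: sqlite3.Connection, id_param: str) -> List[str]:
    # Hardened: validate the type, then bind the value. Bound values can never
    # change the structure of the query.
    try:
        id_value = int(id_param)
    except ValueError:
        return []
    return [row[0] for row in
            con.execute("SELECT note FROM reminders WHERE id = ? ORDER BY id",
                        (id_value,))]


# --- string parameter ('user') ------------------------------------------

def fetch_by_owner_vulnerable(con: sqlite3.Connection, user: str) -> List[str]:
    # Quoting the value by hand does not help: a quote inside the value ends
    # the literal early.
    sql = f"SELECT note FROM reminders WHERE owner = '{user}' ORDER BY id"
    return [row[0] for row in con.execute(sql)]


def fetch_by_owner_fixed(con: sqlite3.Connection, user: str) -> List[str]:
    # Hardened: the driver passes the value separately from the SQL text.
    return [row[0] for row in
            con.execute("SELECT note FROM reminders WHERE owner = ? ORDER BY id",
                        (user,))]


if __name__ == "__main__":
    con = make_db()
    print("id, vulnerable:", fetch_by_id_vulnerable(con, "1 OR 1=1"))
    print("id, fixed:     ", fetch_by_id_fixed(con, "1 OR 1=1"))
    print("user, vulnerable:", fetch_by_owner_vulnerable(con, "x' OR '1'='1"))
    print("user, fixed:     ", fetch_by_owner_fixed(con, "x' OR '1'='1"))
```

With the payloads shown in the `__main__` block, the string-built queries return every row in the table, while the bound versions return nothing, because the payload is compared literally rather than interpreted as SQL.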
exfatprogs CVE:
CVE-2023-45897
Type: Out-of-Bounds Memory Access
Description: exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set.