CVE-2023-1347
Published 2023-05-08
Priority P348 (high)
CVSS 3.1: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS
16.05%
96.5th percentile
The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fastlinemedia | customizer_export_import | < 0.9.6 | 0.9.6 |
CVSS provenance
nvd (v3.1): 7.2 HIGH, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vendor_redhat: 7.8 HIGH
GHSA
GHSA-w7hh-rr9c-v4j6: The Customizer Export/Import WordPress plugin before 0
ghsa_unreviewed·2023-05-08
CVE-2023-1347 [HIGH] CWE-502 GHSA-w7hh-rr9c-v4j6: The Customizer Export/Import WordPress plugin before 0
The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
Red Hat
kernel: drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c
vendor_redhat·2024-05-17·CVSS 5.5
CVE-2023-52678 [MEDIUM] CWE-400 kernel: drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c
kernel: drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c
Before using list_first_entry, make sure to check that list is not
empty, if list is empty return -ENODATA.
Fixes the below:
drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_topology.c:1347 kfd_create_indirect_link_prop() warn: can 'gpu_link' even be NULL?
drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_topology.c:1428 kfd_add_peer_prop() warn: can 'iolink1' even be NULL?
drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_topology.c:1433 kfd_add_peer_prop() warn: can 'iolink2' even be NULL?
A vulnerability was found in the Linux kernel's DRM/AMDKFD subsystem. T
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2023-53629 kernel: fs: dlm: fix use after free in midcomms commit
bugzilla·2025-10-07·CVSS 7.8
CVE-2023-53629 [HIGH] CVE-2023-53629 kernel: fs: dlm: fix use after free in midcomms commit
CVE-2023-53629 kernel: fs: dlm: fix use after free in midcomms commit
In the Linux kernel, the following vulnerability has been resolved:
fs: dlm: fix use after free in midcomms commit
While working on processing dlm message in softirq context I experienced
the following KASAN use-after-free warning:
[ 151.760477] ==================================================================
[ 151.761803] BUG: KASAN: use-after-free in dlm_midcomms_commit_mhandle+0x19d/0x4b0
[ 151.763414] Read of size 4 at addr ffff88811a980c60 by task lock_torture/1347
[ 151.765284] CPU: 7 PID: 1347 Comm: lock_torture Not tainted 6.1.0-rc4+ #2828
[ 151.766778] Hardware name: Red Hat KVM/RHEL-AV, BIOS 1.16.0-3.module+el8.7.0+16134+e5908aa2 04/01/2014
[ 151.768726] Call Trace:
[ 151.769277]
[ 151.769748] dump_stack
Bugzilla
CVE-2022-44730 batik: Server-Side Request Forgery vulnerability
bugzilla·2023-08-23·CVSS 4.4
CVE-2022-44730 [MEDIUM] CVE-2022-44730 batik: Server-Side Request Forgery vulnerability
CVE-2022-44730 batik: Server-Side Request Forgery vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16.
A malicious SVG can probe user profile / data and send it directly as parameter to a URL.
References:
https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0
https://xmlgraphics.apache.org/security.html
http://www.openwall.com/lists/oss-security/2023/08/22/3
http://www.openwall.com/lists/oss-security/2023/08/22/5
Discussion:
Versions Affected: Batik 1.0 - 1.16
References:
https://issues.apache.org/jira/browse/BATIK-1347
https://github.com/advisories/GHSA-2474-2566-3qxp
https://github.com/apache/xmlgraphics-batik/commit/f9ae69233eadfbd392a4a08a55618f97343b467
Published 2023-05-08