CVE-2023-1367
Published 2023-03-13
CVE-2023-1367: Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
Priority: P4 | 16 | low | 3.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:L / I:L / A:N
EPSS: 0.43% (34.5th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alextselegidis | alextselegidis_easyappointments | >= unspecified < 1.5.0 | 1.5.0 |
| alextselegidis | easyappointments | >= 0 < 1.5.0 | 1.5.0 |
| easyappointments | easyappointments | < 1.5.0 | 1.5.0 |
CVSS provenance
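| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 3.8 | LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N |
| nvd | v3.0 | 6.0 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L |
| vendor_redhat | | 7.8 | HIGH | |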
OSV
Code Injection in alextselegidis/easyappointments
osv·2023-03-13
CVE-2023-1367 [HIGH] Code Injection in alextselegidis/easyappointments
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0 due to unescaped output.
GHSA
Code Injection in alextselegidis/easyappointments
ghsa·2023-03-13
CVE-2023-1367 [HIGH] CWE-94 Code Injection in alextselegidis/easyappointments
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0 due to unescaped output.
Red Hat
vim: Divide by zero in scroll_cursor_bot
vendor_redhat·2023-08-07·CVSS 7.8
CVE-2023-3896 [HIGH] CWE-369 vim: Divide by zero in scroll_cursor_bot
Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3
A flaw was found in Vim. When foldcolumn and smoothscroll are on, a divide by zero issue may occur in the scroll_cursor_bot function, causing a program crash.
Statement: All versions of Vim shipped with Red Hat Enterprise Linux are affected, because of the presence of vulnerable code in our code-base.
Red Hat Product Security has rated this issue as having a Low security impact, because the "victim" has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random python script and running it.
Since Red Hat Enterprise Linux 6, 7 are Out-of-Support-Scope for Low/Moderate flaws, the issue is not currently planned to
Red Hat
vim: Divide By Zero in vim/vim
vendor_redhat·2023-03-01·CVSS 7.8
CVE-2023-1127 [HIGH] CWE-369 vim: Divide By Zero in vim/vim
Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.
A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.
Statement: Red Hat Product Security has rated this issue as having a Low security impact, because the "victim" has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random python script and running it.
For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/
Package: vim (Red Hat Enterprise Linux 6) - Out of support scope
Package: vim (Red Hat Enterprise Linux 7) - Fix deferred
Package:
No detection rules found.
No public exploits indexed.
https://github.com/alextselegidis/easyappointments/commit/453c6e130229718680c91bef450db643a0f263e4
https://huntr.dev/bounties/16bc74e2-1825-451f-bff7-bfdc1ea75cc2
Published: 2023-03-13