CVE-2023-2048
published 2023-04-14CVE-2023-2048: A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been classified as critical. This affects an unknown part of the file…
PriorityP349high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.74%
50.0th percentile
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/voters_row.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225933 was assigned to this vulnerability.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| campcodes | advanced_online_voting_system | — | — |
| juniper | junos_os | — | — |
| linux | linux_kernel | >= 0 < 5.4.260 | 5.4.260 |
| linux | linux_kernel | >= 5.11.0 < 5.15.132 | 5.15.132 |
| linux | linux_kernel | >= 5.11.0 < 5.15.138 | 5.15.138 |
| linux | linux_kernel | >= 5.16.0 < 6.1.54 | 6.1.54 |
| linux | linux_kernel | >= 5.16.0 < 6.1.61 | 6.1.61 |
| linux | linux_kernel | >= 5.5.0 < 5.10.200 | 5.10.200 |
| linux | linux_kernel | >= 5.6.0 < 5.10.195 | 5.10.195 |
| linux | linux_kernel | >= 6.2.0 < 6.5.4 | 6.5.4 |
| linux | linux_kernel | >= 6.2.0 < 6.5.5 | 6.5.5 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_redhat7.8HIGH
vendor_oracle7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
osv·2025-12-24
CVE-2023-54069 ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
When we calculate the end position of ext4_free_extent, this position may
be exactly where ext4_lblk_t (i.e. uint) overflows. For example, if
ac_g_ex.fe_logical is 4294965248 and ac_orig_goal_len is 2048, then the
computed end is 0x100000000, which is 0. If ac->ac_o_ex.fe_logical is not
the first case of adjusting the best extent, that is, new_bex_end > 0, the
following BUG_ON will be triggered:
kernel BUG at fs/ext4/mballoc.c:5116!
invalid opcode: 0000 [#1] PREEMPT SMP PTI
CPU: 3 PID: 673 Comm: xfs_io Tainted: G E 6.5.0-rc1+ #279
RIP: 0010:ext4_mb_new_inode_pa+0xc5/0x430
Call Trace:
ext4_mb_use_best_found+0
OSV
net/sched: fq_pie: avoid stalls in fq_pie_timer()
osv·2025-10-22
CVE-2023-53727 net/sched: fq_pie: avoid stalls in fq_pie_timer()
net/sched: fq_pie: avoid stalls in fq_pie_timer()
In the Linux kernel, the following vulnerability has been resolved:
net/sched: fq_pie: avoid stalls in fq_pie_timer()
When setting a high number of flows (limit being 65536),
fq_pie_timer() is currently using too much time as syzbot reported.
Add logic to yield the cpu every 2048 flows (less than 150 usec
on debug kernels).
It should also help by not blocking qdisc fast paths for too long.
Worst case (65536 flows) would need 31 jiffies for a complete scan.
Relevant extract from syzbot report:
rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2663 jiffies s: 873 root: 0x1/.
rcu: blocking rcu_node structures (internal RCU debug):
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 5177 Comm: sy
GHSA
GHSA-q828-mj7r-jwwf: A vulnerability was found in Campcodes Advanced Online Voting System 1
ghsa_unreviewed·2023-04-14
CVE-2023-2048 [MEDIUM] CWE-89 GHSA-q828-mj7r-jwwf: A vulnerability was found in Campcodes Advanced Online Voting System 1
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/voters_row.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225933 was assigned to this vulnerability.
Red Hat
kernel: ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
vendor_redhat·2025-12-24·CVSS 5.5
CVE-2023-54069 [LOW] CWE-190 kernel: ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
kernel: ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
When we calculate the end position of ext4_free_extent, this position may
be exactly where ext4_lblk_t (i.e. uint) overflows. For example, if
ac_g_ex.fe_logical is 4294965248 and ac_orig_goal_len is 2048, then the
computed end is 0x100000000, which is 0. If ac->ac_o_ex.fe_logical is not
the first case of adjusting the best extent, that is, new_bex_end > 0, the
following BUG_ON will be triggered:
kernel BUG at fs/ext4/mballoc.c:5116!
invalid opcode: 0000 [#1] PREEMPT SMP PTI
CPU: 3 PID: 673 Comm: xfs_io Tainted: G E 6.5.0-rc1+ #279
RIP: 0010:ext4_mb_new_inode_pa+0xc5/0x430
Call Trace:
ext4_mb_use_best_fo
Red Hat
kernel: Linux Kernel: Denial of Service in CAN BCM due to uninitialized memory read
vendor_redhat·2025-09-17·CVSS 5.5
CVE-2023-53344 [MEDIUM] CWE-390 kernel: Linux Kernel: Denial of Service in CAN BCM due to uninitialized memory read
kernel: Linux Kernel: Denial of Service in CAN BCM due to uninitialized memory read
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
Syzkaller reported the following issue:
BUG: KMSAN: uninit-value in aio_rw_done fs/aio.c:1520 [inline]
BUG: KMSAN: uninit-value in aio_write+0x899/0x950 fs/aio.c:1600
aio_rw_done fs/aio.c:1520 [inline]
aio_write+0x899/0x950 fs/aio.c:1600
io_submit_one+0x1d1c/0x3bf0 fs/aio.c:2019
__do_sys_io_submit fs/aio.c:2078 [inline]
__se_sys_io_submit+0x293/0x770 fs/aio.c:2048
__x64_sys_io_submit+0x92/0xd0 fs/aio.c:2048
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Uninit was created at:
slab_pos
Red Hat
kernel: watchdog: Fix kmemleak in watchdog_cdev_register
vendor_redhat·2025-09-15·CVSS 5.5
CVE-2023-53234 [MEDIUM] CWE-772 kernel: watchdog: Fix kmemleak in watchdog_cdev_register
kernel: watchdog: Fix kmemleak in watchdog_cdev_register
In the Linux kernel, the following vulnerability has been resolved:
watchdog: Fix kmemleak in watchdog_cdev_register
kmemleak reports memory leaks in watchdog_dev_register, as follows:
unreferenced object 0xffff888116233000 (size 2048):
comm ""modprobe"", pid 28147, jiffies 4353426116 (age 61.741s)
hex dump (first 32 bytes):
80 fa b9 05 81 88 ff ff 08 30 23 16 81 88 ff ff .........0#.....
08 30 23 16 81 88 ff ff 00 00 00 00 00 00 00 00 .0#.............
backtrace:
[] __kmem_cache_alloc_node+0x157/0x220
[] kmalloc_trace+0x21/0x110
[] watchdog_dev_register+0x4e/0x780 [watchdog]
[] __watchdog_register_device+0x4f0/0x680 [watchdog]
[] watchdog_register_device+0xd2/0x110 [watchdog]
[] 0xffffffffc10880ae
[] do_one_initcall+0xcb/0x4d0
[] do
Oracle
Oracle Oracle Financial Services Applications Risk Matrix: Accessibility (Eclipse Jetty) — CVE-2022-2048
vendor_oracle·2023-07-15·CVSS 7.5
CVE-2022-2048 [HIGH] Oracle Oracle Financial Services Applications Risk Matrix: Accessibility (Eclipse Jetty) — CVE-2022-2048
Oracle Oracle Financial Services Applications Risk Matrix: Accessibility (Eclipse Jetty) vulnerability
CVE: CVE-2022-2048
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2023 (JUL 2023)
Oracle
Oracle Oracle Communications Risk Matrix: Signaling (Eclipse Jetty) — CVE-2022-2048
vendor_oracle·2023-01-15·CVSS 7.5
CVE-2022-2048 [HIGH] Oracle Oracle Communications Risk Matrix: Signaling (Eclipse Jetty) — CVE-2022-2048
Oracle Oracle Communications Risk Matrix: Signaling (Eclipse Jetty) vulnerability
CVE: CVE-2022-2048
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2023 (JAN 2023)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2023-54069 kernel: ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
bugzilla·2025-12-24
CVE-2023-54069 [LOW] CVE-2023-54069 kernel: ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
CVE-2023-54069 kernel: ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
When we calculate the end position of ext4_free_extent, this position may
be exactly where ext4_lblk_t (i.e. uint) overflows. For example, if
ac_g_ex.fe_logical is 4294965248 and ac_orig_goal_len is 2048, then the
computed end is 0x100000000, which is 0. If ac->ac_o_ex.fe_logical is not
the first case of adjusting the best extent, that is, new_bex_end > 0, the
following BUG_ON will be triggered:
kernel BUG at fs/ext4/mballoc.c:5116!
invalid opcode: 0000 [#1] PREEMPT SMP PTI
CPU: 3 PID: 673 Comm: xfs_io Tainted: G E 6.5.0-rc1+ #279
RIP: 0010:ext4_mb_new_inode_pa+0xc5/0x430
Call Trace:
e
Bugzilla
CVE-2023-53487 kernel: powerpc/rtas_flash: allow user copy to flash block cache objects
bugzilla·2025-10-01·CVSS 7.8
CVE-2023-53487 [HIGH] CVE-2023-53487 kernel: powerpc/rtas_flash: allow user copy to flash block cache objects
CVE-2023-53487 kernel: powerpc/rtas_flash: allow user copy to flash block cache objects
In the Linux kernel, the following vulnerability has been resolved:
powerpc/rtas_flash: allow user copy to flash block cache objects
With hardened usercopy enabled (CONFIG_HARDENED_USERCOPY=y), using the
/proc/powerpc/rtas/firmware_update interface to prepare a system
firmware update yields a BUG():
kernel BUG at mm/usercopy.c:102!
Oops: Exception in kernel mode, sig: 5 [#1]
LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
Modules linked in:
CPU: 0 PID: 2232 Comm: dd Not tainted 6.5.0-rc3+ #2
Hardware name: IBM,8408-E8E POWER8E (raw) 0x4b0201 0xf000004 of:IBM,FW860.50 (SV860_146) hv:phyp pSeries
NIP: c0000000005991d0 LR: c0000000005991cc CTR: 0000000000000000
REGS: c0000000148c76a0 TRAP: 0700
Bugzilla
CVE-2023-53344 kernel: Linux Kernel: Denial of Service in CAN BCM due to uninitialized memory read
bugzilla·2025-09-17·CVSS 5.5
CVE-2023-53344 [MEDIUM] CVE-2023-53344 kernel: Linux Kernel: Denial of Service in CAN BCM due to uninitialized memory read
CVE-2023-53344 kernel: Linux Kernel: Denial of Service in CAN BCM due to uninitialized memory read
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
Syzkaller reported the following issue:
BUG: KMSAN: uninit-value in aio_rw_done fs/aio.c:1520 [inline]
BUG: KMSAN: uninit-value in aio_write+0x899/0x950 fs/aio.c:1600
aio_rw_done fs/aio.c:1520 [inline]
aio_write+0x899/0x950 fs/aio.c:1600
io_submit_one+0x1d1c/0x3bf0 fs/aio.c:2019
__do_sys_io_submit fs/aio.c:2078 [inline]
__se_sys_io_submit+0x293/0x770 fs/aio.c:2048
__x64_sys_io_submit+0x92/0xd0 fs/aio.c:2048
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Uninit was c
Bugzilla
CVE-2023-53234 kernel: watchdog: Fix kmemleak in watchdog_cdev_register
bugzilla·2025-09-15·CVSS 5.5
CVE-2023-53234 [MEDIUM] CVE-2023-53234 kernel: watchdog: Fix kmemleak in watchdog_cdev_register
CVE-2023-53234 kernel: watchdog: Fix kmemleak in watchdog_cdev_register
In the Linux kernel, the following vulnerability has been resolved:
watchdog: Fix kmemleak in watchdog_cdev_register
kmemleak reports memory leaks in watchdog_dev_register, as follows:
unreferenced object 0xffff888116233000 (size 2048):
comm ""modprobe"", pid 28147, jiffies 4353426116 (age 61.741s)
hex dump (first 32 bytes):
80 fa b9 05 81 88 ff ff 08 30 23 16 81 88 ff ff .........0#.....
08 30 23 16 81 88 ff ff 00 00 00 00 00 00 00 00 .0#.............
backtrace:
[] __kmem_cache_alloc_node+0x157/0x220
[] kmalloc_trace+0x21/0x110
[] watchdog_dev_register+0x4e/0x780 [watchdog]
[] __watchdog_register_device+0x4f0/0x680 [watchdog]
[] watchdog_register_device+0xd2/0x110 [watchdog]
[] 0xffffffffc10880ae
[] do_one_initcall
https://github.com/E1CHO/cve_hub/blob/main/Advanced%20Online%20Voting%20System/Advanced%20Online%20Voting%20System%20-%20vuln%202.pdfhttps://vuldb.com/?ctiid.225933https://vuldb.com/?id.225933https://github.com/E1CHO/cve_hub/blob/main/Advanced%20Online%20Voting%20System/Advanced%20Online%20Voting%20System%20-%20vuln%202.pdfhttps://vuldb.com/?ctiid.225933https://vuldb.com/?id.225933
2023-04-14
Published