CVE-2023-6901
published 2023-12-17CVE-2023-6901: A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file…
PriorityP267critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.86%
85.0th percentile
A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input whoami leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248259.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codelyfe | stupid_simple_cms | — | — |
| codelyfe | stupid_simple_cms | — | — |
| codelyfe | stupid_simple_cms | — | — |
| codelyfe | stupid_simple_cms | — | — |
| codelyfe | stupid_simple_cms | 1.1.7 – 1.2.3 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2023-3141 kernel: Use after free bug in r592_remove
bugzilla·2023-06-07·CVSS 7.1
CVE-2023-3141 [HIGH] CVE-2023-3141 kernel: Use after free bug in r592_remove
CVE-2023-3141 kernel: Use after free bug in r592_remove
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in Linux Kernel. This flaw could allow a local attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem.
Refer:
https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw@mail.gmail.com/t/
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:6583
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:6901
---
This issue has been addressed in the f
Bugzilla
CVE-2023-30456 kernel: KVM: nVMX: missing consistency checks for CR0 and CR4
bugzilla·2023-04-20·CVSS 6.5
CVE-2023-30456 [MEDIUM] CVE-2023-30456 kernel: KVM: nVMX: missing consistency checks for CR0 and CR4
CVE-2023-30456 kernel: KVM: nVMX: missing consistency checks for CR0 and CR4
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
https://github.com/torvalds/linux/commit/112e66017bff7f2837030f34c2bc19501e9212d5
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.8
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:6583
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:6901
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:70
Bugzilla
CVE-2023-28772 kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow
bugzilla·2023-03-23·CVSS 6.7
CVE-2023-28772 [MEDIUM] CVE-2023-28772 kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow
CVE-2023-28772 kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
References:
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7
https://lkml.kernel.org/r/[email protected]
https://lore.kernel.org/lkml/[email protected]/
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:6901
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:7077 https://access.redhat.com/e
Bugzilla
CVE-2023-28328 kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c
bugzilla·2023-03-11·CVSS 5.5
CVE-2023-28328 [MEDIUM] CVE-2023-28328 kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c
CVE-2023-28328 kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c
A null pointer dereference issue was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. A local user could use this flaw to crash the system or potentially cause a denial of service.
Reference:
https://lore.kernel.org/linux-media/[email protected]/
https://lore.kernel.org/lkml/CAO4mrfcPHB5aQJO=mpqV+p8mPLNg-Fok0gw8gZ=zemAfMGTzMg@mail.gmail.com/
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:6901
---
This issue has been ad
Bugzilla
CVE-2023-23455 Kernel: denial of service in atm_tc_enqueue in net/sched/sch_atm.c due to type confusion
bugzilla·2023-02-08·CVSS 5.5
CVE-2023-23455 [MEDIUM] CVE-2023-23455 Kernel: denial of service in atm_tc_enqueue in net/sched/sch_atm.c due to type confusion
CVE-2023-23455 Kernel: denial of service in atm_tc_enqueue in net/sched/sch_atm.c due to type confusion
A denial of service flaw was found in atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel. In this flaw a local attacker may cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:6901
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2
Bugzilla
CVE-2022-3594 kernel: Rate limit overflow messages in r8152 in intr_callback
bugzilla·2022-11-28·CVSS 5.3
CVE-2022-3594 [MEDIUM] CVE-2022-3594 kernel: Rate limit overflow messages in r8152 in intr_callback
CVE-2022-3594 kernel: Rate limit overflow messages in r8152 in intr_callback
A vulnerability was found in Linux Kernel in intr_callback in drivers/net/usb/r8152.c. The manipulation leads to logging of excessive data. The attack can be launched remotely.
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=93e2be344a7db169b7119de21ac1bf253b8c6907
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:6583
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:6901
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-
Bugzilla
CVE-2022-45887 kernel: memory leak in ttusb_dec_exit_dvb() in media/usb/ttusb-dec/ttusb_dec.c
bugzilla·2022-11-25·CVSS 4.7
CVE-2022-45887 [MEDIUM] CVE-2022-45887 kernel: memory leak in ttusb_dec_exit_dvb() in media/usb/ttusb-dec/ttusb_dec.c
CVE-2022-45887 kernel: memory leak in ttusb_dec_exit_dvb() in media/usb/ttusb-dec/ttusb_dec.c
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
References:
https://lore.kernel.org/linux-media/[email protected]/
https://lore.kernel.org/linux-media/[email protected]/
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2148521]
---
Upstream fix:
https://github.com/torvalds/linux/commit/517a28133832
---
This was fixed for Fedora in the 6.3.7 stable kernel updates.
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:6901 https://access.redhat.c
2023-12-17
Published