Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-03-24 | CVE-2023-20985 | Out-of-bounds Write vulnerability in Google Android 13.0 | In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there is a possible out of bounds write due to improper input validation. | local | low complexity | google | CWE-787 | 7.8 |
| 2023-03-24 | CVE-2023-20986 | Out-of-bounds Read vulnerability in Google Android 13.0 | In btm_ble_clear_resolving_list_complete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. | local | low complexity | google | CWE-125 | 4.4 |
| 2023-03-23 | CVE-2023-24788 | SQL Injection vulnerability in Notrinos Notrinoserp 0.7 | NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php. | network | low complexity | notrinos | CWE-89 | 8.8 |
| 2023-03-23 | CVE-2023-28329 | SQL Injection vulnerability in Moodle | Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers). | network | low complexity | moodle | CWE-89 | 8.8 |
| 2023-03-23 | CVE-2023-28330 | Unspecified vulnerability in Moodle | Insufficient sanitizing in backup resulted in an arbitrary file read risk. | network | low complexity | moodle | | 6.5 |
| 2023-03-23 | CVE-2023-28331 | Cross-site Scripting vulnerability in Moodle | Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk. | network | low complexity | moodle | CWE-79 | 6.1 |
| 2023-03-23 | CVE-2023-26359 | | Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. | network | low complexity | | CWE-502 | 9.8 (critical) |
| 2023-03-23 | CVE-2023-26360 | | Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. | network | low complexity | | CWE-284 | 8.6 |
| 2023-03-23 | CVE-2023-26361 | | Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system read. | network | low complexity | | CWE-22 | 4.9 |
| 2023-03-23 | CVE-2023-1605 | Resource Exhaustion vulnerability in Radare Radare2 | Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6. | network | low complexity | radare | CWE-400 | 7.5 |