Published on 01 Mar 2023 | Updated on 01 Mar 2023
SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.
The vulnerabilities are tabled based on severity, in accordance with their CVSSv3 base scores:

Severity | Definition |
---|---|
Critical | vulnerabilities with a base score of 9.0 to 10.0 |
High | vulnerabilities with a base score of 7.0 to 8.9 |
Medium | vulnerabilities with a base score of 4.0 to 6.9 |
Low | vulnerabilities with a base score of 0.1 to 3.9 |
None | vulnerabilities with a base score of 0.0 |

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.
CRITICAL VULNERABILITIES
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2019-5485 | NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2019-5485 |
CVE-2020-12388 | The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2020-12388 |
CVE-2023-25765 | In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-25765 |
CVE-2018-3777 | Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3777 |
CVE-2019-10269 | BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10269 |
CVE-2019-11766 | dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11766 |
CVE-2018-10698 | An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10698 |
CVE-2019-13372 | /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13372 |
CVE-2019-13478 | The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13478 |
CVE-2019-13132 | In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13132 |
CVE-2019-12803 | In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12803 |
CVE-2019-13575 | A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13575 |
CVE-2019-13572 | The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13572 |
CVE-2019-14695 | A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers Table ordering is mishandled. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14695 |
CVE-2019-9010 | An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-9010 |
CVE-2019-15107 | An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-15107 |
CVE-2015-9333 | The cforms2 plugin before 14.6.10 for WordPress has SQL injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-9333 |
CVE-2018-20997 | An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-20997 |
CVE-2019-16119 | SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16119 |
CVE-2016-10954 | The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-10954 |
CVE-2019-15741 | An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-15741 |
CVE-2019-16891 | Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16891 |
CVE-2019-18413 | In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the "is not documented" finding but suggests that much of the responsibility for the risk lies in a different product. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-18413 |
CVE-2020-12278 | An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-12278 |
CVE-2020-12279 | An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-12279 |
CVE-2021-32563 | An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32563 |
CVE-2021-42575 | The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42575 |
CVE-2020-23685 | SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-23685 |
CVE-2021-41080 | Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41080 |
CVE-2021-41081 | Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41081 |
CVE-2021-43527 | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43527 |
CVE-2021-43113 | iTextPDF in iText 7 and up to 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43113 |
CVE-2021-44732 | Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44732 |
CVE-2021-40393 | An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40393 |
CVE-2021-40394 | An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40394 |
CVE-2021-42392 | The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42392 |
CVE-2021-33963 | China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33963 |
CVE-2022-23305 | By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23305 |
CVE-2020-25905 | An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-25905 |
CVE-2021-3773 | A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3773 |
CVE-2022-0691 | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0691 |
CVE-2022-24720 | image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is called internally by Active Storage variants, so Active Storage is vulnerable as well. The vulnerability has been fixed in version 1.12.2 of image_processing. As a workaround, users who process based on user input should always sanitize the user input by allowing only a constrained set of operations. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24720 |
CVE-2022-0839 | Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0839 |
CVE-2022-27002 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns, ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27002 |
CVE-2019-9564 | A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-9564 |
CVE-2022-23457 | ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the 'input' path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one's own implementation of the Validator interface. However, maintainers do not recommend this. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23457 |
CVE-2022-31031 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31031 |
CVE-2022-25845 | The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25845 |
CVE-2022-31053 | Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The version 2 of the specification mandates a different algorithm than gamma signatures and as such is not affected by this vulnerability. The Biscuit implementations in Rust, Haskell, Go, Java and Javascript all have published versions following the v2 specification. There are no known workarounds for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31053 |
CVE-2022-28171 | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28171 |
CVE-2022-31836 | The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcard values which can lead to cross directory risk. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31836 |
CVE-2020-7677 | This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-7677 |
CVE-2022-31814 | pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31814 |
CVE-2022-39244 | PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affected by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39244 |
CVE-2022-3275 | Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3275 |
CVE-2022-37601 | Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils 2.0.0 via the name variable in parseQuery.js. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37601 |
CVE-2022-29822 | Due to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29822 |
CVE-2022-29823 | The feathers-sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29823 |
CVE-2022-2422 | Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2422 |
CVE-2022-40242 | MegaRAC Default Credentials Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40242 |
CVE-2022-40259 | MegaRAC Default Credentials Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40259 |
CVE-2022-38143 | A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38143 |
CVE-2022-44877 | login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44877 |
CVE-2022-4422 | This issue affects: Bulutses Bilgi Teknolojileri LTD. ŞTİ. BULUTDESK CALLCENTER versions prior to 3.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4422 |
CVE-2023-0297 | Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0297 |
CVE-2022-47770 | Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47770 |
CVE-2023-23076 | OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23076 |
CVE-2023-25136 | OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25136 |
CVE-2023-24576 | EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) irrespective of any auth used. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24576 |
CVE-2023-0782 | A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220640. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0782 |
CVE-2022-45088 | Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion. This issue affects Smartpower Web: before 23.01.01. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45088 |
CVE-2022-4557 | Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4557 |
CVE-2023-0784 | A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. Affected is an unknown function of the component Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220644. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0784 |
CVE-2023-0788 | Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0788 |
CVE-2023-0789 | Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0789 |
CVE-2022-48322 | NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. This affects MR60 before 1.1.7.132, MS60 before 1.1.7.132, R6900P before 1.3.3.154, R7000P before 1.3.3.154, R7960P before 1.4.4.94, and R8000P before 1.4.4.94. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48322 |
CVE-2022-48323 | Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the pathname of the powershell.exe program. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48323 |
CVE-2022-40022 | Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40022 |
CVE-2022-4445 | The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4445 |
CVE-2022-3089 | Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3089 |
CVE-2023-23551 | Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23551 |
CVE-2023-25717 | Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25717 |
CVE-2023-25718 | The cryptographic code signing process and controls on ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect) are cryptographically flawed. An attacker can remotely generate or locally alter file contents and bypass code-signing controls. This can be used to execute code as a trusted application provider, escalate privileges, or execute arbitrary commands in the context of the user. The attacker tampers with a trusted, signed executable in transit. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25718 |
CVE-2023-24084 | ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24084 |
CVE-2023-24646 | An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24646 |
CVE-2022-47034 | A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47034 |
CVE-2023-24482 | A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All versions < V10.4.1.0.32), COMOS V10.4.2.0 (All versions < V10.4.2.0.25). Cache validation service in COMOS is vulnerable to Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause denial of service condition. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24482 |
CVE-2023-24159 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24159 |
CVE-2023-24160 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24160 |
CVE-2023-24161 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24161 |
CVE-2023-21689 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21689 |
CVE-2023-21690 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21690 |
CVE-2023-21692 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21692 |
CVE-2023-21716 | Microsoft Word Remote Code Execution Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21716 |
CVE-2023-21803 | Windows iSCSI Discovery Service Remote Code Execution Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21803 |
CVE-2023-25156 | Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a rate-limiting proxy in front of Kiwi TCMS. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25156 |
CVE-2022-46892 | In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allow the OS to reinitialize a disabled root complex. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46892 |
CVE-2023-22804 | LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22804 |
CVE-2023-22807 | LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the packets to the PLC over its XGT protocol. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22807 |
CVE-2023-23459 | Priority Windows may allow Command Execution via SQL Injection using an unspecified method. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23459 |
CVE-2023-23460 | Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23460 |
CVE-2023-23461 | Libpeconv – access violation, before commit b076013 (30/11/2022). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23461 |
CVE-2023-23462 | Libpeconv – integer overflow, before commit 75b1565 (30/11/2022). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23462 |
CVE-2023-22855 | Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22855 |
CVE-2020-21119 | SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in recordIDValue parameter, allows attackers to gain escalated privileges and execute arbitrary code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-21119 |
CVE-2020-21120 | SQL Injection vulnerability in file home\\controls\\cart.class.php in UQCMS 2.1.3, allows attackers to execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-21120 |
CVE-2021-33304 | Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function pico_fragments_reassemble, allows attackers to execute arbitrary code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33304 |
CVE-2021-33925 | SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escalated privileges via a crafted login. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33925 |
CVE-2023-0849 | A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221152. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0849 |
CVE-2023-0568 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the core path resolution function allocates a buffer one byte too small. When resolving paths with lengths close to the system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with a NUL value, which might lead to unauthorized data access or modification. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0568 |
CVE-2023-22578 | Due to improper attribute filtering in the Sequelize JS library, an attacker can perform SQL injections. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22578 |
CVE-2023-24236 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24236 |
CVE-2023-24238 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24238 |
CVE-2021-42756 | Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42756 |
CVE-2021-42761 | A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42761 |
CVE-2022-38375 | An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38375 |
CVE-2022-39952 | An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39952 |
CVE-2022-25987 | Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler Classic before version 2021.6 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25987 |
CVE-2022-29514 | Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29514 |
CVE-2022-33964 | Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33964 |
CVE-2021-43529 | Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS signatures. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43529 |
CVE-2023-24219 | LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24219 |
CVE-2023-24220 | LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24220 |
CVE-2023-24221 | LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24221 |
CVE-2023-0883 | A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /php-opos/index.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221350 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0883 |
CVE-2022-40347 | SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40347 |
CVE-2022-40032 | SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40032 |
CVE-2020-29168 | SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-29168 |
CVE-2022-47986 | IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47986 |
CVE-2021-32142 | Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32142 |
CVE-2021-32163 | Authentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensitive JWT authorization. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32163 |
CVE-2021-33226 | Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33226 |
CVE-2021-33391 | An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33391 |
CVE-2021-33948 | SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33948 |
CVE-2021-33949 | An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33949 |
CVE-2021-35261 | File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 allows attacker to execute arbitrary remote code via the Upfile function of the extend/tools/Ueditor endpoint. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35261 |
CVE-2023-23279 | Canteen Management System 1.0 is vulnerable to SQL Injection via /php_action/getOrderReport.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23279 |
CVE-2021-26277 | The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26277 |
CVE-2023-23064 | TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23064 |
CVE-2023-0917 | A vulnerability, which was classified as critical, was found in SourceCodester Simple Customer Relationship Management System 1.0. This affects an unknown part of the file /php-scrm/login.php. The manipulation of the argument Password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221493 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0917 |
CVE-2023-0918 | A vulnerability has been found in codeprojects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file add.php of the component Avatar Image Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221494 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0918 |
CVE-2014-125087 | A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2014-125087 |
CVE-2022-48328 | app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48328 |
CVE-2022-48329 | MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48329 |
CVE-2023-26092 | Liima before 1.17.28 allows server-side template injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26092 |
CVE-2023-26093 | Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26093 |
CVE-2012-10008 | A vulnerability, which was classified as critical, has been found in uakfdotb oneapp. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is 5413ac804f1b09f9decc46a6c37b08352c49669c. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221483. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2012-10008 |
CVE-2013-10019 | A vulnerability was found in OCLC-Research OAICat 1.5.61. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.62 is able to address this issue. The name of the patch is 6cc65501869fa663bcd24a70b63f41f5cfe6b3e1. It is recommended to upgrade the affected component. The identifier VDB-221489 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2013-10019 |
CVE-2023-0232 | The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0232 |
CVE-2023-0938 | A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file music_list.php of the component GET Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221553 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0938 |
CVE-2023-0946 | A vulnerability has been found in SourceCodester Best POS Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file billing/index.php?id=9. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-221593 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0946 |
CVE-2023-1040 | A vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0. Affected by this issue is some unknown functionality of the file tracking/admin/add_acc.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-221798 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1040 |
CVE-2022-45138 | The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45138 |
CVE-2022-45140 | The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45140 |
CVE-2019-13363 | admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-13363 |
CVE-2019-13364 | admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-13364 |
CVE-2020-19825 | Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-19825 |
CVE-2018-3745 | atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-3745 |
CVE-2019-1010257 | An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can be downloaded. The file will be deleted after download if the web server has permission to do so. For PHP versions before 5.3, any file can be read by null terminating the string left of the file extension. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-1010257 |
CVE-2019-9918 | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-9918 |
CVE-2019-12523 | An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-12523 |
CVE-2018-25012 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-25012 |
CVE-2022-0686 | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0686 |
CVE-2022-1996 | Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-1996 |
CVE-2021-33643 | An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-33643 |
CVE-2022-37032 | An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-37032 |
CVE-2022-39269 | PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-39269 |
CVE-2023-24188 | ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-24188 |
CVE-2023-25725 | HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25725 |
CVE-2023-0102 | LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0102 |
CVE-2022-43969 | Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-43969 |
CVE-2022-3843 | In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01, an undocumented configuration interface without authorization allows a remote attacker to read system information and configure a limited set of parameters. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-3843 |
CVE-2022-39954 | An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-39954 |
CVE-2023-26253 | In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26253 |
OTHER VULNERABILITIES
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2018-3719 | mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3719 |
CVE-2018-3720 | assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3720 |
CVE-2018-3775 | Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3775 |
CVE-2018-16981 | stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-16981 |
CVE-2019-11557 | The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11557 |
CVE-2019-11591 | The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11591 |
CVE-2019-11328 | An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11328 |
CVE-2019-11872 | The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation grants an attacker with a right to execute malicious code on the administrator's computer through Excel functions as the plugin does not sanitize the user's input and allows insertion of any text. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11872 |
CVE-2018-10697 | An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10697 |
CVE-2018-10702 | An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to command injection via shell metacharacters. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10702 |
CVE-2018-20847 | An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-20847 |
CVE-2018-6156 | Incorrect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-6156 |
CVE-2019-13300 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13300 |
CVE-2019-12527 | An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12527 |
CVE-2019-13386 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13386 |
CVE-2016-10874 | The wp-database-backup plugin before 4.3.3 for WordPress has CSRF. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-10874 |
CVE-2019-14788 | wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14788 |
CVE-2019-15942 | FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-15942 |
CVE-2019-16120 | CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16120 |
CVE-2019-10392 | Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10392 |
CVE-2016-10945 | The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-10945 |
CVE-2020-8813 | graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-8813 |
CVE-2021-28663 | The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-28663 |
CVE-2021-36981 | In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-36981 |
CVE-2020-21598 | libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-21598 |
CVE-2021-43137 | Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities exist in hostel management system 2.1 via the name field in my-profile.php. Chaining both vulnerabilities leads to account takeover. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43137 |
CVE-2022-23302 | JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23302 |
CVE-2022-23307 | CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23307 |
CVE-2021-40426 | A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40426 |
CVE-2022-28042 | stb_image.h v2.27 was discovered to contain a heap-based use-after-free via the function stbi__jpeg_huff_decode. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28042 |
CVE-2022-31619 | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31619 |
CVE-2022-31626 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using the pdo_mysql extension with the mysqlnd driver, if a third party is allowed to supply the host to connect to and the password for the connection, a password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31626 |
CVE-2022-2111 | Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2111 |
CVE-2022-2112 | Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2112 |
CVE-2022-33183 | A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform a stack buffer overflow using the “firmwaredownload” and “diagshow” commands. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33183 |
CVE-2022-46342 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46342 |
CVE-2022-46343 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46343 |
CVE-2022-46344 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46344 |
CVE-2022-46175 | JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference, the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46175 |
CVE-2022-42898 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug." | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42898 |
CVE-2016-15005 | CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-15005 |
CVE-2023-0315 | Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0315 |
CVE-2023-22482 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) claim in signed tokens. The value of that claim specifies the intended audience(s) of the token (i.e. the service or services which are meant to accept the token). Argo CD _does_ validate that the token was signed by Argo CD's configured OIDC provider. But Argo CD _does not_ validate the audience claim, so it will accept tokens that are not intended for Argo CD. If Argo CD's configured OIDC provider also serves other audiences (for example, a file storage service), then Argo CD will accept a token intended for one of those other audiences. Argo CD will grant the user privileges based on the token's `groups` claim, even though those groups were not intended to be used by Argo CD. This bug also increases the impact of a stolen token. If an attacker steals a valid token for a different audience, they can use it to access Argo CD. A patch for this vulnerability has been released in versions 2.6.0-rc3, 2.5.6, 2.4.19, and 2.3.13. There are no workarounds. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22482 |
CVE-2023-25152 | Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their containers to privileged mode, or potentially add ssh authorized keys to allow the attacker access to a remote shell on the target machine. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by the Wings Daemon. This vulnerability has been resolved in version `v1.11.3` of the Wings Daemon, and has been back-ported to the 1.7 release series in `v1.7.3`. Anyone running `v1.11.x` should upgrade to `v1.11.3` and anyone running `v1.7.x` should upgrade to `v1.7.3`. There are no known workarounds for this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25152 |
CVE-2022-45089 | Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45089 |
CVE-2022-45090 | Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45090 |
CVE-2023-20076 | A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20076 |
CVE-2023-0790 | Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0790 |
CVE-2023-0793 | Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0793 |
CVE-2022-45725 | Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45725 |
CVE-2023-25719 | ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25719 |
CVE-2023-25240 | An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25240 |
CVE-2022-43469 | Cross-Site Request Forgery (CSRF) vulnerability in Orchestrated Corona Virus (COVID-19) Banner & Live Data plugin <= 1.7.0.6 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43469 |
CVE-2023-25066 | Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.30.7212 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25066 |
CVE-2022-46862 | Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46862 |
CVE-2023-24377 | Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24377 |
CVE-2023-24382 | Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24382 |
CVE-2023-25065 | Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25065 |
CVE-2023-25149 | TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that runs as the installation user. The queries run as part of the telemetry data collection were not run with a locked down `search_path`, allowing malicious users to create functions that would be executed by the telemetry job, leading to privilege escalation. In order to be able to take advantage of this vulnerability, a user would need to be able to create objects in a database and then get a superuser to install TimescaleDB into their database. When TimescaleDB is installed as a trusted extension, non-superusers can install the extension without help from a superuser. Version 2.9.3 fixes this issue. As a mitigation, the `search_path` of the user running the telemetry job can be locked down to not include schemas writable by other users. The vulnerability is not exploitable on instances in Timescale Cloud and Managed Service for TimescaleDB due to additional security provisions in place on those platforms. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25149 |
CVE-2023-0830 | A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-220950 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0830 |
CVE-2023-22935 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass [SPL safeguards for risky commands](https://docs.splunk.com/Documentation/Splunk/latest/Security/SPLsafeguards). The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22935 |
CVE-2023-22939 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search [bypass SPL safeguards for risky commands](https://docs.splunk.com/Documentation/Splunk/latest/Security/SPLsafeguards). The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22939 |
CVE-2023-21529 | Microsoft Exchange Server Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21529 |
CVE-2023-21684 | Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21684 |
CVE-2023-21685 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21685 |
CVE-2023-21686 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21686 |
CVE-2023-21695 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21695 |
CVE-2023-21705 | Microsoft SQL Server Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21705 |
CVE-2023-21706 | Microsoft Exchange Server Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21706 |
CVE-2023-21707 | Microsoft Exchange Server Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21707 |
CVE-2023-21713 | Microsoft SQL Server Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21713 |
CVE-2023-21717 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21717 |
CVE-2023-21797 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21797 |
CVE-2023-21798 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21798 |
CVE-2023-21799 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21799 |
CVE-2023-22629 | An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22629 |
CVE-2022-29557 | LexisNexis Firco Compliance Link 3.7 allows CSRF. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29557 |
CVE-2022-42735 | Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators to create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42735 |
CVE-2023-0841 | A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0841 |
CVE-2023-25767 | A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25767 |
CVE-2023-23465 | Media CP Media Control Panel latest version. CSRF possible through unspecified endpoint. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23465 |
CVE-2022-38867 | SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go, allows attackers to execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38867 |
CVE-2022-38935 | An issue was discovered in NiterForum version 2.5.0-beta in /src/main/java/cn/niter/forum/api/SsoApi.java and /src/main/java/cn/niter/forum/controller/AdminController.java, allows attackers to gain escalated privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38935 |
CVE-2023-0861 | NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0861 |
CVE-2023-0862 | The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0862 |
CVE-2023-22579 | Due to improper parameter filtering in the sequelize js library, an attacker can perform injection. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22579 |
CVE-2022-30303 | An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as `root` user via crafted HTTP requests. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30303 |
CVE-2022-30306 | A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via a specifically crafted password. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30306 |
CVE-2022-33869 | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiWAN 4.0.0 through 4.5.9 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33869 |
CVE-2022-40677 | An improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted input parameters. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40677 |
CVE-2023-23779 | Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23779 |
CVE-2023-23780 | A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows an attacker to escalate privileges via specifically crafted HTTP requests. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23780 |
CVE-2023-23781 | A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23781 |
CVE-2023-0877 | Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0877 |
CVE-2023-24078 | Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24078 |
CVE-2023-0882 | Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0882 |
CVE-2022-45701 | Arris TG2482A firmware through 9.1.103GEM9 allows Remote Code Execution (RCE) via the ping utility feature. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45701 |
CVE-2023-0822 | The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0822 |
CVE-2023-0904 | A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file task-details.php. The manipulation of the argument task_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221453 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0904 |
CVE-2023-0912 | A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. This affects an unknown part of the file /adms/admin/?page=vehicles/view_transaction. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221481 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0912 |
CVE-2023-0913 | A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. This vulnerability affects unknown code of the file /adms/admin/?page=vehicles/sell_vehicle. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221482 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0913 |
CVE-2023-0915 | A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. Affected is an unknown function of the file /adms/admin/?page=user/manage_user. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221490 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0915 |
CVE-2023-0916 | A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221491. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0916 |
CVE-2023-0943 | A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects some unknown processing of the file index.php?page=site_settings of the component Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0943 |
CVE-2023-0928 | Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0928 |
CVE-2023-0929 | Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0929 |
CVE-2023-0930 | Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0930 |
CVE-2023-0931 | Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0931 |
CVE-2023-0932 | Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0932 |
CVE-2023-0933 | Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0933 |
CVE-2023-0941 | Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0941 |
CVE-2023-0966 | A vulnerability classified as problematic was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=orders/view_order. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221635. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0966 |
CVE-2023-1035 | A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as critical. Affected is an unknown function of the file update_user.php. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221784. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1035 |
CVE-2023-21777 | Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability | 8.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21777 |
CVE-2021-37712 | The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 "short path" counterparts. A specially crafted tar archive could thus include a directory with one form of the path, followed by a symbolic link with a different string that resolves to the same file system entity, followed by a file using the first form. By first creating a directory, and then replacing that directory with a symlink that had a different apparent name that resolved to the same entry in the filesystem, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-qq89-hq3f-393p. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-37712 |
CVE-2021-43775 | Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files. The vulnerability issue is resolved in Aim v3.1.0. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-43775 |
CVE-2021-40401 | A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-40401 |
CVE-2022-25762 | If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-25762 |
CVE-2022-3872 | An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-3872 |
CVE-2023-23947 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All Argo CD versions starting with 2.3.0-rc1 and prior to 2.3.17, 2.4.23, 2.5.11, and 2.6.2 are vulnerable to an improper authorization bug which allows users who have the ability to update at least one cluster secret to update any cluster secret. The attacker could use this access to escalate privileges (potentially controlling Kubernetes resources) or to break Argo CD functionality (by preventing connections to external clusters). A patch for this vulnerability has been released in Argo CD versions 2.6.2, 2.5.11, 2.4.23, and 2.3.17. Two workarounds are available. Either modify the RBAC configuration to completely revoke all `clusters, update` access, or use the `destinations` and `clusterResourceWhitelist` fields to apply similar restrictions as the `namespaces` and `clusterResources` fields. | 8.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23947 |
CVE-2019-9811 | As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-9811 |
CVE-2023-23374 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-23374 |
CVE-2019-17533 | Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-17533 |
CVE-2023-25564 | GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable `outlen` was not initialized and could cause writing a zero to an arbitrary place in memory if `ntlm_str_convert()` were to fail, which would leave `outlen` uninitialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory space. This vulnerability can trigger an out-of-bounds write, leading to memory corruption. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This issue is fixed in version 1.2.0. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-25564 |
CVE-2023-21806 | Power BI Report Server Spoofing Vulnerability | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-21806 |
CVE-2023-23923 | The vulnerability was found in Moodle and exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-23923 |
CVE-2018-3761 | Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-3761 |
CVE-2018-10925 | It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-10925 |
CVE-2018-10690 | An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-10690 |
CVE-2018-10694 | An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between the user's computer and the device. This can allow an attacker to steal the credentials passing over the HTTP connection as well as TELNET traffic. Also an attacker can MITM the response and infect a user's computer very easily as well. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-10694 |
CVE-2016-10931 | An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-10931 |
CVE-2020-11538 | In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-11538 |
CVE-2022-24801 | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24801 |
CVE-2022-27778 | A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-27778 |
CVE-2022-31625 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-31625 |
CVE-2022-32212 | An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-32212 |
CVE-2022-38258 | A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-38258 |
CVE-2021-37789 | stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-37789 |
CVE-2022-43548 | An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks. The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-43548 |
CVE-2022-41981 | A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-41981 |
CVE-2022-4138 | A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4138 |
CVE-2023-23926 | APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An XML External Entity (XXE) vulnerability was found in the apoc.import.graphml procedure of the APOC core plugin prior to version 5.5.0 in the Neo4j graph database. XML External Entity (XXE) injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was not configured in a secure way and therefore allowed this. External entities can be used to read local files, send HTTP requests, and perform denial-of-service attacks on the application. Abusing the XXE vulnerability enabled assessors to read local files remotely, although with the level of privileges assessors had this was limited to one-line files. With the ability to write to the database, any file could have been read. Additionally, assessors noted, with local testing, the server could be crashed by passing in improperly formatted XML. The minimum version containing a patch for this vulnerability is 5.5.0. Those who cannot upgrade the library can control the allowlist of the procedures that can be used in their system. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-23926 |
CVE-2022-41335 | A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-41335 |
CVE-2023-22934 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass [SPL safeguards for risky commands](https://docs.splunk.com/Documentation/Splunk/latest/Security/SPLsafeguards) using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser. The vulnerability affects instances with Splunk Web enabled. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22934 |
CVE-2023-21778 | Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21778 |
CVE-2017-5546 | The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-5546 |
CVE-2017-8067 | drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-8067 |
CVE-2017-8890 | The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-8890 |
CVE-2017-9074 | The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-9074 |
CVE-2017-9075 | The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-9075 |
CVE-2017-9076 | The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-9076 |
CVE-2017-9077 | The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-9077 |
CVE-2017-9984 | The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-9984 |
CVE-2017-9985 | The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-9985 |
CVE-2017-8824 | The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-8824 |
CVE-2017-17855 | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-17855 |
CVE-2018-5332 | In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-5332 |
CVE-2018-7480 | The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-7480 |
CVE-2018-3710 | Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting in remote code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3710 |
CVE-2018-8781 | The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-8781 |
CVE-2018-10675 | The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10675 |
CVE-2018-11506 | The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-11506 |
CVE-2018-13406 | An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-13406 |
CVE-2018-10901 | A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10901 |
CVE-2018-14678 | An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-14678 |
CVE-2018-14619 | A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-14619 |
CVE-2018-16276 | An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-16276 |
CVE-2018-17182 | An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-17182 |
CVE-2018-9568 | In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-9568 |
CVE-2018-1000876 | binutils version 2.32 and earlier contains an Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc that can result in an integer overflow triggering a heap overflow. Successful exploitation allows execution of arbitrary code. This attack appears to be exploitable via Local. This vulnerability appears to have been fixed after commit 3a551c7a1b80fca579461774860574eabfd7f18f. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-1000876 |
CVE-2019-8956 | In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-8956 |
CVE-2019-11487 | The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11487 |
CVE-2019-2054 | In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-119769499 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-2054 |
CVE-2019-13241 | FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13241 |
CVE-2019-13304 | ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13304 |
CVE-2019-13305 | ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13305 |
CVE-2019-13306 | ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13306 |
CVE-2019-13307 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13307 |
CVE-2019-13313 | libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13313 |
CVE-2019-14267 | PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14267 |
CVE-2019-14744 | In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14744 |
CVE-2018-1796 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-1796 |
CVE-2019-4253 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-4253 |
CVE-2017-18595 | An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-18595 |
CVE-2019-15927 | An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-15927 |
CVE-2019-11660 | Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11660 |
CVE-2019-16294 | SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16294 |
CVE-2019-16729 | pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16729 |
CVE-2019-0145 | Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-0145 |
CVE-2019-18675 | The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-18675 |
CVE-2019-19448 | In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-19448 |
CVE-2020-8835 | In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-8835 |
CVE-2020-13974 | An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13974 |
CVE-2020-10379 | In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-10379 |
CVE-2020-14356 | A null pointer dereference flaw was found in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 in the way the system is rebooted. A local user could use this flaw to crash the system or escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-14356 |
CVE-2020-14386 | A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-14386 |
CVE-2020-26130 | Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenTFTPServerMT.exe or the OpenTFTPServerSP.exe binary. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-26130 |
CVE-2020-26131 | Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHCP Server (LDAP Based) 0.1Beta. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenDHCPServer.exe (Regular) or the OpenDHCPLdap.exe (LDAP Based) binary. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-26131 |
CVE-2020-26132 | An issue was discovered in Home DNS Server 0.10. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the HomeDNSServer.exe binary. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-26132 |
CVE-2020-26133 | An issue was discovered in Dual DHCP DNS Server 7.40. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the DualServer.exe binary. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-26133 |
CVE-2021-28375 | An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-28375 |
CVE-2021-29266 | An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29266 |
CVE-2021-29154 | BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29154 |
CVE-2020-25669 | A vulnerability was found in the Linux Kernel where the function sunkbd_reinit has been scheduled by sunkbd_interrupt before sunkbd is freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-25669 |
CVE-2021-33200 | kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33200 |
CVE-2020-36387 | An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-36387 |
CVE-2021-28021 | Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-28021 |
CVE-2021-43336 | An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43336 |
CVE-2022-25636 | net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25636 |
CVE-2021-43138 | In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43138 |
CVE-2022-24765 | Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-git are vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24765 |
CVE-2022-30594 | The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30594 |
CVE-2022-25153 | The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25153 |
CVE-2022-20144 | In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-250637906 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20144 |
CVE-2022-38223 | There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38223 |
CVE-2022-3636 | A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211935. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3636 |
CVE-2022-33182 | A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload”, “license”, and “fosexec”. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33182 |
CVE-2022-33185 | Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33185 |
CVE-2022-40304 | An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40304 |
CVE-2022-44666 | Windows Contacts Remote Code Execution Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44666 |
CVE-2022-4283 | A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4283 |
CVE-2022-3715 | A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3715 |
CVE-2022-3977 | A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3977 |
CVE-2022-38396 | HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38396 |
CVE-2022-42292 | NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42292 |
CVE-2023-22345 | Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process when out of specification errors are detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22345 |
CVE-2023-22346 | Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing template information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22346 |
CVE-2023-22347 | Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22347 |
CVE-2023-22349 | Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing screen management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22349 |
CVE-2023-22350 | Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing parts management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22350 |
CVE-2023-22353 | Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22353 |
CVE-2023-22360 | Use-after-free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process even when an error was detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22360 |
CVE-2022-45455 | Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45455 |
CVE-2023-0817 | Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0817 |
CVE-2023-0819 | Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0819 |
CVE-2023-24187 | An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24187 |
CVE-2022-31808 | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V2.85.44), SiPass integrated ACC-AP (All versions < V2.85.43). Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31808 |
CVE-2022-47936 | A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150). The affected application contains a stack overflow vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47936 |
CVE-2022-47977 | A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0). The affected application contains a memory corruption vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47977 |
CVE-2023-24549 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application is vulnerable to stack-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24549 |
CVE-2023-24550 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application is vulnerable to heap-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24550 |
CVE-2023-24551 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application is vulnerable to heap-based buffer underflow while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24551 |
CVE-2023-24552 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24552 |
CVE-2023-24553 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24553 |
CVE-2023-24554 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24554 |
CVE-2023-24555 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24555 |
CVE-2023-24556 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24556 |
CVE-2023-24557 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24557 |
CVE-2023-24558 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24558 |
CVE-2023-24559 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24559 |
CVE-2023-24560 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24560 |
CVE-2023-24561 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24561 |
CVE-2023-24562 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24562 |
CVE-2023-24563 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24563 |
CVE-2023-24564 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V2023Update2). The affected application contains a memory corruption vulnerability while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19069) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24564 |
CVE-2023-24566 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V2023Update2). The affected application is vulnerable to stack-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19472) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24566 |
CVE-2023-24581 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V2023Update2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted STP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19425) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24581 |
CVE-2023-24978 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19788) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24978 |
CVE-2023-24979 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19789) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24979 |
CVE-2023-24980 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19790) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24980 |
CVE-2023-24981 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19791) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24981 |
CVE-2023-24982 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19804) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24982 |
CVE-2023-24983 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19805) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24983 |
CVE-2023-24984 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19806) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24984 |
CVE-2023-24985 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19807) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24985 |
CVE-2023-24986 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19808) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24986 |
CVE-2023-24987 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19809) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24987 |
CVE-2023-24988 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19810) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24988 |
CVE-2023-24989 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19811) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24989 |
CVE-2023-24990 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19812) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24990 |
CVE-2023-24991 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19813) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24991 |
CVE-2023-24992 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19814) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24992 |
CVE-2023-24993 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19815) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24993 |
CVE-2023-24994 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19816) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24994 |
CVE-2023-24995 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19817) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24995 |
CVE-2023-24996 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19818) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24996 |
CVE-2023-25140 | A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150), Solid Edge SE2022 (All versions < V2210Update12). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25140 |
CVE-2023-21528 | Microsoft SQL Server Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21528 |
CVE-2023-21688 | NT OS Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21688 |
CVE-2023-21704 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21704 |
CVE-2023-21718 | Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21718 |
CVE-2023-21800 | Windows Installer Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21800 |
CVE-2023-21801 | Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21801 |
CVE-2023-21802 | Windows Media Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21802 |
CVE-2023-21804 | Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21804 |
CVE-2023-21805 | Windows MSHTML Platform Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21805 |
CVE-2023-21809 | Microsoft Defender for Endpoint Security Feature Bypass Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21809 |
CVE-2023-21812 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21812 |
CVE-2023-21817 | Windows Kerberos Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21817 |
CVE-2023-21822 | Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21822 |
CVE-2023-23376 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23376 |
CVE-2023-23377 | 3D Builder Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23377 |
CVE-2023-23378 | Print 3D Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23378 |
CVE-2023-23390 | 3D Builder Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23390 |
CVE-2023-21566 | Visual Studio Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21566 |
CVE-2023-21808 | .NET and Visual Studio Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21808 |
CVE-2023-21815 | Visual Studio Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21815 |
CVE-2023-21823 | Windows Graphics Component Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21823 |
CVE-2023-23381 | Visual Studio Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23381 |
CVE-2023-23618 | Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code. A patch is available in version 2.39.2. As a workaround, avoid using `gitk` (or Git GUI's "Visualize History" functionality) in clones of untrusted repositories. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23618 |
CVE-2023-22368 | Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22368 |
CVE-2023-20927 | In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-244216503. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20927 |
CVE-2023-25011 | PC settings tool Ver10.1.26.0 and earlier and PC settings tool Ver11.0.22.0 and earlier allow an attacker with standard user privileges to write to the registry with administrator privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25011 |
CVE-2022-45153 | An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45153 |
CVE-2022-47506 | SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47506 |
CVE-2022-42455 | ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42455 |
CVE-2023-25173 | containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25173 |
CVE-2023-24483 | A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24483 |
CVE-2023-24485 | Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24485 |
CVE-2022-27482 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows an attacker to execute arbitrary shell code as `root` via CLI commands. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27482 |
CVE-2022-40678 | Insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40678 |
CVE-2022-40683 | A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allow an attacker to execute unauthorized code or commands via specially crafted commands. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40683 |
CVE-2023-23782 | A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows an attacker to escalate privileges via specifically crafted arguments to existing commands. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23782 |
CVE-2023-23783 | A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows an attacker to execute unauthorized code or commands via specially crafted command arguments. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23783 |
CVE-2023-25602 | A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 all versions, FortiWeb 5.6 all versions allows an attacker to execute unauthorized code or commands via specially crafted command arguments. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25602 |
CVE-2022-25992 | Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25992 |
CVE-2022-26840 | Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26840 |
CVE-2022-33892 | Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33892 |
CVE-2022-33902 | Insufficient control flow management in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33902 |
CVE-2022-40080 | Stack overflow vulnerability in Aspire E5-475G's BIOS firmware: in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40080 |
CVE-2023-0866 | Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0866 |
CVE-2022-27170 | Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27170 |
CVE-2022-33190 | Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33190 |
CVE-2022-33946 | Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33946 |
CVE-2022-34346 | Out-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34346 |
CVE-2022-34841 | Improper buffer restrictions in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34841 |
CVE-2022-34854 | Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34854 |
CVE-2022-32972 | Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32972 |
CVE-2023-21574 | Photoshop versions 23.5.3 (and earlier) and 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21574 |
CVE-2023-21575 | Photoshop versions 23.5.3 (and earlier) and 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21575 |
CVE-2023-21576 | Photoshop versions 23.5.3 (and earlier) and 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21576 |
CVE-2023-22226 | Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22226 |
CVE-2023-22227 | Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22227 |
CVE-2023-22228 | Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22228 |
CVE-2023-22229 | Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22229 |
CVE-2023-22230 | Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22230 |
CVE-2023-22237 | After Effects versions 23.1 (and earlier) and 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22237 |
CVE-2023-22238 | After Effects versions 23.1 (and earlier) and 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22238 |
CVE-2023-22239 | After Effects versions 23.1 (and earlier) and 22.6.3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22239 |
CVE-2021-32845 | HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of `qnotify` at `pci_vtrnd_notify` fails to check the return value of `vq_getchain`. This leads to `struct iovec iov;` being uninitialized and used to read memory in `len = (int) read(sc->vrsc_fd, iov.iov_base, iov.iov_len);` when an attacker is able to make `vq_getchain` fail. This issue may lead to a guest crashing the host, causing a denial of service and, under certain circumstances, memory corruption. This issue is fixed in commit 41272a980197917df8e58ff90642d14dec8fe948. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32845 |
CVE-2021-32846 | HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107, function `pci_vtsock_proc_tx` in `virtio-sock` can lead to uninitialized memory use. In this situation, there is a check for the return value to be less than or equal to `VTSOCK_MAXSEGS`, but that check is not sufficient because the function can return `-1` if it finds an error it cannot recover from. Moreover, the negative return value will be used by `iovec_pull` in a while condition that can further lead to more corruption because the function is not designed to handle a negative `iov_len`. This issue may lead to a guest crashing the host, causing a denial of service and, under certain circumstances, memory corruption. This issue is fixed in commit af5eba2360a7351c08dfd9767d9be863a50ebaba. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32846 |
CVE-2022-23540 | In versions `<=8.5.1` of the `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. Users are affected if they do not specify algorithms in the `jwt.verify()` function. This issue has been fixed; please update to version 9.0.0, which removes the default support for the `none` algorithm in the `jwt.verify()` method. There will be no impact if you update to version 9.0.0 and you don’t need to allow for the `none` algorithm. If you need the `none` algorithm, you have to explicitly specify that in the `jwt.verify()` options. | 7.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-23540 |
CVE-2018-3733 | crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3733 |
CVE-2018-3711 | Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3711 |
CVE-2018-3727 | 626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3727 |
CVE-2018-3729 | localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3729 |
CVE-2018-3732 | resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3732 |
CVE-2018-3766 | Path traversal in buttle module versions <= 0.2.0 allows reading any file on the server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3766 |
CVE-2018-3787 | Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3787 |
CVE-2019-10894 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10894 |
CVE-2019-10896 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10896 |
CVE-2019-10901 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10901 |
CVE-2019-10903 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10903 |
CVE-2019-6451 | On SOYAL AR-727H and AR-829Ev5 devices, all CGI programs allow unauthenticated POST access. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-6451 |
CVE-2019-14206 | An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to delete arbitrary files via the $REQUEST['adaptive-images-settings'] parameter in adaptive-images-script.php. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14206 |
CVE-2019-14439 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14439 |
CVE-2019-15323 | The ad-inserter plugin before 2.4.20 for WordPress has path traversal. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-15323 |
CVE-2019-16056 | An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16056 |
CVE-2019-16163 | Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16163 |
CVE-2019-12401 | Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via its update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML, causing OOMs. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-12401 |
CVE-2019-5484 | Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5484 |
CVE-2019-0207 | Tapestry processes assets `/assets/ctx` using the class chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so an attacker can perform a path traversal attack to read any file on the Windows platform. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-0207 |
CVE-2019-4183 | IBM Cognos Analytics 11.0 and 11.1 are vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-4183 |
CVE-2019-10411 | Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10411 |
CVE-2019-10412 | Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10412 |
CVE-2019-12422 | In Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-12422 |
CVE-2017-18640 | The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-18640 |
CVE-2020-4067 | In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-4067 |
CVE-2020-24659 | An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-24659 |
CVE-2020-28366 | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-28366 |
CVE-2021-33813 | An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33813 |
CVE-2021-35515 | When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35515 |
CVE-2021-35516 | When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35516 |
CVE-2021-35517 | When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35517 |
CVE-2021-36090 | When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-36090 |
CVE-2021-37136 | The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-37136 |
CVE-2021-37137 | The Snappy frame decoder function doesn't restrict the chunk length, which may lead to excessive memory usage. Besides this, it may also buffer reserved skippable chunks until the whole chunk has been received, which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-37137 |
CVE-2021-45485 | In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45485 |
CVE-2021-44345 | Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is vulnerable to SQL Injection. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44345 |
CVE-2022-24839 | org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24839 |
CVE-2022-29153 | HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29153 |
CVE-2022-24290 | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). The tcserver.exe binary in affected applications is vulnerable to a stack overflow condition during the parsing of user input that may lead the binary to crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24290 |
CVE-2022-29801 | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains an XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29801 |
CVE-2022-32035 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32035 |
CVE-2022-31129 | moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically, using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a slowdown with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4; the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31129 |
CVE-2020-16093 | In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-16093 |
CVE-2021-37150 | Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-37150 |
CVE-2022-28129 | Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28129 |
CVE-2022-31780 | Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31780 |
CVE-2022-36324 | Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36324 |
CVE-2022-28131 | Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28131 |
CVE-2022-29804 | Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29804 |
CVE-2022-25761 | The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 is vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25761 |
CVE-2022-22728 | A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22728 |
CVE-2022-36537 | ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36537 |
CVE-2022-38177 | By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38177 |
CVE-2022-1941 | A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1941 |
CVE-2022-39283 | FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-39283 |
CVE-2022-42969 | The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42969 |
CVE-2022-35268 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_sdk_file/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35268 |
CVE-2022-35269 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_e2c_json_file/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35269 |
CVE-2022-35270 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_wireguard_cert_file/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35270 |
CVE-2022-35271 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_cert_file/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35271 |
CVE-2022-3705 | A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3705 |
CVE-2022-45060 | An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45060 |
CVE-2022-37325 | In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-37325 |
CVE-2022-2827 | AMI MegaRAC User Enumeration Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2827 |
CVE-2022-45688 | A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45688 |
CVE-2022-47516 | An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that leads to a failure of the libsofia-sip-ua/tport/tport.c self assertion. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47516 |
CVE-2022-41988 | An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41988 |
CVE-2022-41999 | A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41999 |
CVE-2022-43761 | Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43761 |
CVE-2022-34350 | IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 230264. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34350 |
CVE-2022-4450 | The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4450 |
CVE-2023-0215 | The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0215 |
CVE-2023-0216 | An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0216 |
CVE-2023-0217 | An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0217 |
CVE-2023-0401 | A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0401 |
CVE-2019-25102 | A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input <<<<<<<<<<:/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.6.1 is able to address this issue. The name of the patch is 015a719bf5cdc561feea05500ecb3274ef609cd2. It is recommended to upgrade the affected component. VDB-220638 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-25102 |
CVE-2019-25103 | A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The name of the patch is 89797fef9abb4cab2fb76a335968266a92588816. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220639. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-25103 |
CVE-2020-36661 | A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this issue. The name of the patch is d632e5df43a2928fd537784a99a79dec288bf01b. It is recommended to upgrade the affected component. VDB-220642 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36661 |
CVE-2022-43460 | Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43460 |
CVE-2023-22362 | SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22362 |
CVE-2022-45454 | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45454 |
CVE-2023-22854 | The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22854 |
CVE-2023-24647 | Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24647 |
CVE-2022-3759 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines and make a sidekiq job allocate a lot of memory. In GitLab instances where Sidekiq is memory-limited, this may cause Denial of Service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3759 |
CVE-2023-0518 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0518 |
CVE-2023-23835 | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.10), Mendix Applications using Mendix 9 (V9.18) (All versions < V9.18.4), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.15). Some of the Mendix runtime APIs allow attackers to bypass XPath constraints and retrieve information using XPath queries that trigger errors. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23835 |
CVE-2023-25141 | Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JNDI and RMI. Users of Apache Sling JCR Base are recommended to upgrade to Apache Sling JCR Base 3.1.12 or later, or to run on a more recent JDK. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25141 |
CVE-2021-46023 | An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46023 |
CVE-2023-25576 | @fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in which an unlimited number of parts are accepted. This includes the multipart body parser accepting an unlimited number of file parts, the multipart body parser accepting an unlimited number of field parts, and the multipart body parser accepting an unlimited number of empty parts as field parts. This is fixed in v7.4.1 (for Fastify v4.x) and v6.0.1 (for Fastify v3.x). There are no known workarounds. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25576 |
CVE-2023-22941 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) crashes the Splunk daemon (splunkd). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22941 |
CVE-2023-25563 | GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of internal buffers. Although most applications will error out before accepting a single input buffer of 4GB in length this could theoretically happen. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point if the application allows tokens greater than 4GB in length. This can lead to a large, up to 65KB, out-of-bounds read which could cause a denial-of-service if it reads from unmapped memory. Version 1.2.0 contains a patch for the out-of-bounds reads. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25563 |
CVE-2023-25565 | GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25565 |
CVE-2023-25566 | GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main `gss_accept_sec_context` entry point, potentially causing a denial-of-service. This issue is fixed in version 1.2.0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25566 |
CVE-2023-25567 | GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the `av_pair` is not checked properly for two of the elements which can trigger an out-of-bound read. The out-of-bounds read can be triggered via the main `gss_accept_sec_context` entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25567 |
CVE-2023-21691 | Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21691 |
CVE-2023-21700 | Windows iSCSI Discovery Service Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21700 |
CVE-2023-21701 | Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21701 |
CVE-2023-21702 | Windows iSCSI Service Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21702 |
CVE-2023-21811 | Windows iSCSI Service Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21811 |
CVE-2023-21813 | Windows Secure Channel Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21813 |
CVE-2023-21816 | Windows Active Directory Domain Services API Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21816 |
CVE-2023-21818 | Windows Secure Channel Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21818 |
CVE-2023-21819 | Windows Secure Channel Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21819 |
CVE-2023-23382 | Azure Machine Learning Compute Instance Information Disclosure Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23382 |
CVE-2023-23946 | Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23946 |
CVE-2023-25577 | Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25577 |
CVE-2023-21553 | Azure DevOps Server Remote Code Execution Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21553 |
CVE-2023-24580 | An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24580 |
CVE-2023-25191 | AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25191 |
CVE-2023-25578 | Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 1.5.2, the request body parsing in `starlite` allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and an unlimited number of field parts. This is a remote, potentially unauthenticated Denial of Service vulnerability. This vulnerability affects applications with a request handler that accepts a `Body(media_type=RequestEncodingType.MULTI_PART)`. The large amount of CPU time required for processing requests can block all available worker processes and significantly delay or slow down the processing of legitimate user requests. The large amount of RAM accumulated while processing requests can lead to Out-Of-Memory kills. Complete DoS is achievable by sending many concurrent multipart requests in a loop. Version 1.51.2 contains a patch for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25578 |
CVE-2023-0103 | If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating. This could allow an attacker to cause a denial-of-service condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0103 |
CVE-2023-0361 | A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0361 |
CVE-2023-22803 | LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22803 |
CVE-2023-22806 | LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22806 |
CVE-2022-47508 | Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47508 |
CVE-2023-23463 | Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23463 |
CVE-2023-23464 | Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23464 |
CVE-2023-23466 | Media CP Media Control Panel latest version. Insufficiently protected credential change. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23466 |
CVE-2023-24498 | An unspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24498 |
CVE-2022-45546 | Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows internal attacker to obtain credentials for authentication via network sniffing. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45546 |
CVE-2021-34117 | SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-34117 |
CVE-2021-38239 | SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38239 |
CVE-2022-40016 | Use After Free (UAF) vulnerability in ireader media-server before commit 3e0f63f1d3553f75c7d4eb32fa7c7a1976a9ff84 in librtmp, allows attackers to cause a denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40016 |
CVE-2023-0848 | A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been rated as problematic. This issue affects some unknown processing of the component Web Management Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221147. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0848 |
CVE-2023-0850 | A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. This issue affects some unknown processing of the component Web Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221153 was assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0850 |
CVE-2023-0662 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0662 |
CVE-2023-0860 | Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0860 |
CVE-2023-22580 | Due to improper input filtering in the Sequelize JS library, malicious queries can lead to sensitive information disclosure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22580 |
CVE-2022-27892 | Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27892 |
CVE-2022-27897 | Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27897 |
CVE-2023-24807 | Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24807 |
CVE-2022-26115 | A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26115 |
CVE-2023-25653 | node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in `node-jose` can trigger a Denial-of-Service (DoS) condition, due to a possible infinite loop in an internal calculation. For some ECC operations, this condition is triggered randomly; for others, it can be triggered by malicious input. The issue has been patched in version 2.2.0. Since this issue is only present in the "fallback" crypto implementation, it can be avoided by ensuring that either WebCrypto or the Node `crypto` module is available in the JS environment where `node-jose` is being run. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25653 |
CVE-2022-30692 | Improper conditions check in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30692 |
CVE-2020-6817 | bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6817 |
CVE-2023-24329 | An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24329 |
CVE-2022-43927 | IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43927 |
CVE-2022-43929 | IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43929 |
CVE-2021-32441 | SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32441 |
CVE-2021-33950 | An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33950 |
CVE-2022-20803 | A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20803 |
CVE-2023-24960 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 246333 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24960 |
CVE-2023-0905 | A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221454 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0905 |
CVE-2023-26081 | In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26081 |
CVE-2022-48340 | In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48340 |
CVE-2019-13498 | One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-13498 |
CVE-2021-3450 | The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-3450 |
CVE-2022-22807 | A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13) | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-22807 |
CVE-2023-0286 | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0286 |
CVE-2023-21820 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-21820 |
CVE-2023-22377 | Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which meets a certain condition by reading a specially crafted XML file. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22377 |
CVE-2022-27890 | It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of AtlasDB, the vulnerability was mitigated by other network controls such as two-way TLS when deployed as part of a Palantir platform. Palantir still recommends upgrading to a non-vulnerable version out of an abundance of caution. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27890 |
CVE-2022-39948 | An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.0.0 through 7.0.6, 2.0 all versions, 1.2 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS/FortiProxy) | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-39948 |
CVE-2022-40675 | Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-40675 |
CVE-2019-2792 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-2792 |
CVE-2021-44226 | Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-44226 |
CVE-2022-35868 | A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-35868 |
CVE-2023-21568 | Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21568 |
CVE-2023-22743 | Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting a DLL and putting it into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This potentially allows users with local write access to place malicious payloads in a location where automated upgrades might run the Git for Windows installer with elevation. Version 2.39.2 contains a patch for this issue. Some workarounds are available. Never leave untrusted files in the Downloads folder or its sub-folders before executing the Git for Windows installer, or move the installer into a different directory before executing it. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22743 |
CVE-2022-25905 | Uncontrolled search path element in the Intel(R) oneAPI Data Analytics Library (oneDAL) before version 2021.5 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25905 |
CVE-2022-26032 | Uncontrolled search path element in the Intel(R) Distribution for Python programming language before version 2022.1 for Intel(R) oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-26032 |
CVE-2022-26052 | Uncontrolled search path element in the Intel(R) MPI Library before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-26052 |
CVE-2022-26062 | Uncontrolled search path element in the Intel(R) Trace Analyzer and Collector before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-26062 |
CVE-2022-26076 | Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-26076 |
CVE-2022-26345 | Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-26345 |
CVE-2022-26421 | Uncontrolled search path element in the Intel(R) oneAPI DPC++/C++ Compiler Runtime before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-26421 |
CVE-2022-26425 | Uncontrolled search path element in the Intel(R) oneAPI Collective Communications Library (oneCCL) before version 2021.6 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-26425 |
CVE-2022-26512 | Uncontrolled search path element in the Intel(R) FPGA Add-on for Intel(R) oneAPI Base Toolkit before version 2022.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-26512 |
CVE-2019-12239 | The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-12239 |
CVE-2019-5473 | An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-5473 |
CVE-2021-24390 | A proid GET parameter of the WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-24390 |
CVE-2022-36323 | Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-36323 |
CVE-2022-4546 | The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-4546 |
CVE-2023-21703 | Azure Data Box Gateway Remote Code Execution Vulnerability | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-21703 |
CVE-2023-21710 | Microsoft Exchange Server Remote Code Execution Vulnerability | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-21710 |
CVE-2023-23379 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-23379 |
CVE-2022-38111 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-38111 |
CVE-2022-47503 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-47503 |
CVE-2022-47504 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-47504 |
CVE-2022-47507 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-47507 |
CVE-2023-23836 | SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-23836 |
CVE-2022-38868 | SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol.go and models/images.go, allows attackers to execute arbitrary code. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-38868 |
CVE-2022-27489 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-27489 |
CVE-2022-33871 | A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI `execute backup-local rename` and `execute backup-local show` operations. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-33871 |
CVE-2022-32971 | Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow a privileged user to potentially enable escalation of privilege via network access. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32971 |
CVE-2023-23007 | An issue was discovered in ESPCMS P8.21120101: after logging in to the background, there is a SQL injection vulnerability in the function node where members are added. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-23007 |
CVE-2023-26020 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection. This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-26020 |
CVE-2019-11041 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-11041 |
CVE-2019-11042 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-11042 |
CVE-2020-14152 | In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-14152 |
CVE-2020-14153 | In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-14153 |
CVE-2021-3752 | A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-3752 |
CVE-2021-3743 | An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-3743 |
CVE-2022-1973 | A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-1973 |
CVE-2022-3202 | A NULL pointer dereference flaw was found in diFree in fs/jfs/inode.c in Journaled File System (JFS) in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-3202 |
CVE-2022-3564 | A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-3564 |
CVE-2022-41858 | A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in the process of detaching in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-41858 |
CVE-2022-4745 | The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them, for example to create arbitrary folders or copy files. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4745 |
CVE-2023-21564 | Azure DevOps Server Cross-Site Scripting Vulnerability | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21564 |
CVE-2017-2636 | Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2017-2636 |
CVE-2021-4083 | A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2021-4083 |
CVE-2021-3697 | A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. For an attack to succeed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2021-3697 |
CVE-2022-3649 | A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-3649 |
CVE-2023-24816 | IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool `set_term_title` could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the `IPython.utils.terminal.set_term_title` function are done with trusted or filtered input. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-24816 |
CVE-2022-32471 | An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked but before they are used, the IHISI SMM code may be convinced to modify SMRAM or OS, leading to possible data corruption or escalation of privileges. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-32471 |
CVE-2022-32474 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-32474 |
CVE-2022-32478 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-32478 |
CVE-2022-32954 | An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 5.5. DMA attacks on the SdMmcDevice buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the link data to SMRAM before checking it and verifying that all pointers are within the buffer. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-32954 |
CVE-2022-32955 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the NvmExpressDxe buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the link data to SMRAM before checking it and verifying that all pointers are within the buffer. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-32955 |
CVE-2022-32470 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-32470 |
CVE-2022-32473 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-32473 |
CVE-2022-32476 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-32476 |
CVE-2022-32953 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the SdHostDriver buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the link data to SMRAM before checking it and verifying that all pointers are within the buffer. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-32953 |
CVE-2022-32469 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-32469 |
CVE-2022-32475 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue was fixed in the kernel, which also protected chipset and OEM chipset code. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-32475 |
CVE-2022-32477 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-32477 |
CVE-2020-19824 | An issue in MPV v.0.29.1, fixed in v0.30, allows attackers to execute arbitrary code and crash the program via the ao_c parameter. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2020-19824 |
CVE-2019-6109 | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-6109 |
CVE-2019-6110 | In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-6110 |
CVE-2020-4047 | In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-4047 |
CVE-2023-0808 | A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0808 |
CVE-2023-21694 | Windows Fax Service Remote Code Execution Vulnerability | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21694 |
CVE-2022-48306 | Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows a malicious attacker in a privileged network position to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48306 |
CVE-2022-21216 | Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21216 |
CVE-2019-0181 | Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2019-0181 |
CVE-2018-1630 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2018-1630 |
CVE-2018-1631 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2018-1631 |
CVE-2018-1632 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2018-1632 |
CVE-2018-1633 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2018-1633 |
CVE-2018-1634 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2018-1634 |
CVE-2018-1635 | Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2018-1635 |
CVE-2018-1636 | Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2018-1636 |
CVE-2022-20369 | In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-223375145. References: Upstream kernel. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20369 |
CVE-2022-34377 | Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-34377 |
CVE-2021-0187 | Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-0187 |
CVE-2022-26343 | Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26343 |
CVE-2022-1015 | A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-1015 |
CVE-2016-3201 | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3215. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-3201 |
CVE-2018-3713 | angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3713 |
CVE-2018-3714 | node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3714 |
CVE-2018-20584 | JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-20584 |
CVE-2019-6283 | In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-6283 |
CVE-2019-6284 | In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-6284 |
CVE-2018-20821 | The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-20821 |
CVE-2018-20822 | LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-20822 |
CVE-2019-12216 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-12216 |
CVE-2018-20845 | Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-20845 |
CVE-2018-20846 | Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-20846 |
CVE-2019-13112 | A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-13112 |
CVE-2019-13113 | Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-13113 |
CVE-2019-13301 | ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-13301 |
CVE-2019-13309 | ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-13309 |
CVE-2019-13311 | ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-13311 |
CVE-2015-9383 | FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2015-9383 |
CVE-2018-21015 | AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-21015 |
CVE-2018-21016 | audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-21016 |
CVE-2019-16348 | marc-q libwav through 2017-04-20 has a NULL pointer dereference in gain_file() at wav_gain.c. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16348 |
CVE-2019-10407 | Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10407 |
CVE-2019-10413 | Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10413 |
CVE-2019-10414 | Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10414 |
CVE-2019-10415 | Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10415 |
CVE-2019-10416 | Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10416 |
CVE-2019-10422 | Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10422 |
CVE-2019-17450 | find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-17450 |
CVE-2019-17451 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-17451 |
CVE-2019-18420 | An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-18420 |
CVE-2020-9388 | CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-9388 |
CVE-2020-21596 | libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-21596 |
CVE-2020-21597 | libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-21597 |
CVE-2021-3671 | A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3671 |
CVE-2021-43797 | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forwards these to another remote system when used as a proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43797 |
CVE-2021-43946 | Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from version 8.14.0 before 8.20.9. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43946 |
CVE-2021-3638 | An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3638 |
CVE-2022-0865 | Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0865 |
CVE-2022-28041 | stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28041 |
CVE-2022-22969 | Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session. This vulnerability exposes OAuth 2.0 Client applications only. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22969 |
CVE-2022-1958 | A vulnerability classified as critical has been found in FileCloud. Affected is an unknown function of the component NTFS Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-201960. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1958 |
CVE-2022-2056 | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2056 |
CVE-2022-2057 | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2057 |
CVE-2022-2058 | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2058 |
CVE-2022-32325 | JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32325 |
CVE-2022-29901 | Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29901 |
CVE-2022-32213 | The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32213 |
CVE-2022-32214 | The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32214 |
CVE-2022-32215 | The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32215 |
CVE-2022-30698 | NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30698 |
CVE-2022-30699 | NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30699 |
CVE-2022-25810 | The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such as “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and backup/restore operations. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25810 |
CVE-2022-2519 | There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1 | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2519 |
CVE-2022-2520 | A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2520 |
CVE-2022-2521 | It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2521 |
CVE-2022-3597 | LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3597 |
CVE-2022-3599 | LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3599 |
CVE-2022-3627 | LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3627 |
CVE-2022-43235 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43235 |
CVE-2022-43236 | Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43236 |
CVE-2022-43237 | Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43237 |
CVE-2022-43238 | Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43238 |
CVE-2022-43239 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43239 |
CVE-2022-43240 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43240 |
CVE-2022-43241 | Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43241 |
CVE-2022-43242 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43242 |
CVE-2022-43243 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43243 |
CVE-2022-43244 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43244 |
CVE-2022-43245 | Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43245 |
CVE-2022-43248 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43248 |
CVE-2022-43249 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43249 |
CVE-2022-43250 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43250 |
CVE-2022-43252 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43252 |
CVE-2022-43253 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43253 |
CVE-2022-44792 | handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-44792 |
CVE-2022-44793 | handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-44793 |
CVE-2021-31693 | VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-31693 |
CVE-2022-42705 | A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42705 |
CVE-2022-47015 | MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47015 |
CVE-2022-44267 | ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-44267 |
CVE-2022-44268 | ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary has permissions to read it). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-44268 |
CVE-2022-34366 | Dell SupportAssist for Home PCs (version 3.11.2 and prior) contains an Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34366 |
CVE-2022-45085 | Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Server Side Request Forgery. This issue affects Smartpower Web: before 23.01.01. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45085 |
CVE-2023-0661 | Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0661 |
CVE-2022-25937 | Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25937 |
CVE-2022-45962 | Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45962 |
CVE-2022-3411 | A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3411 |
CVE-2023-24524 | SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24524 |
CVE-2023-24528 | SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally exposed over the network and successful exploitation can lead to exposure of data like travel documents. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24528 |
CVE-2022-41564 | The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.1.0 through 6.2.1 and TIBCO Operational Intelligence Hawk RedTail: versions 7.0.0 through 7.2.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41564 |
CVE-2023-21572 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21572 |
CVE-2023-21721 | Microsoft OneNote Spoofing Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21721 |
CVE-2023-21807 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21807 |
CVE-2023-25768 | A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25768 |
CVE-2023-23458 | Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23458 |
CVE-2021-33396 | Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33396 |
CVE-2022-30300 | A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30300 |
CVE-2022-43954 | An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43954 |
CVE-2023-0475 | HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0475 |
CVE-2023-23778 | A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23778 |
CVE-2023-23784 | A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows an attacker to cause information disclosure via specially crafted web requests. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23784 |
CVE-2023-22380 | A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.6. This vulnerability was reported via the GitHub Bug Bounty program. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22380 |
CVE-2023-0821 | HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0821 |
CVE-2022-36775 | IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and 10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36775 |
CVE-2021-37159 | hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-37159 |
CVE-2021-40403 | An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-40403 |
CVE-2022-3140 | LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3140 |
CVE-2022-23541 | jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-23541 |
CVE-2023-22936 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22936 |
CVE-2023-23558 | In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-23558 |
CVE-2018-3755 | XSS in sexstatic <=0.6.2: HTML injection in directory name(s) leads to stored XSS when a malicious file is embedded with an <iframe> element used in the directory name. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-3755 |
CVE-2018-3769 | ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via "format" parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-3769 |
CVE-2019-12387 | In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-12387 |
CVE-2019-14774 | The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-14774 |
CVE-2019-14799 | The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-14799 |
CVE-2016-10873 | The wp-database-backup plugin before 4.3.3 for WordPress has XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-10873 |
CVE-2016-10875 | The wp-database-backup plugin before 4.3.1 for WordPress has XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-10875 |
CVE-2016-10878 | The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-10878 |
CVE-2017-18508 | The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-18508 |
CVE-2019-14949 | The wp-database-backup plugin before 5.1.2 for WordPress has XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-14949 |
CVE-2015-9304 | The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2015-9304 |
CVE-2016-10872 | The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-10872 |
CVE-2017-18499 | The simple-membership plugin before 3.5.7 for WordPress has XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-18499 |
CVE-2018-20965 | The ultimate-member plugin before 2.0.4 for WordPress has XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-20965 |
CVE-2015-9320 | The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2015-9320 |
CVE-2019-16117 | Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-16117 |
CVE-2019-16118 | Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-16118 |
CVE-2018-21012 | The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-21012 |
CVE-2016-10961 | The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-10961 |
CVE-2019-11559 | A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16.1 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to the Login component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-11559 |
CVE-2020-13430 | Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-13430 |
CVE-2020-13827 | phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-13827 |
CVE-2020-23226 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-23226 |
CVE-2022-29577 | OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29577 |
CVE-2022-28172 | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to perform an XSS attack by sending messages with malicious commands to the affected device. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28172 |
CVE-2022-1355 | A stack buffer overflow flaw was found in Libtiff's tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-1355 |
CVE-2023-22911 | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22911 |
CVE-2023-23077 | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-23077 |
CVE-2023-23078 | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-23078 |
CVE-2022-45087 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issue affects Smartpower Web: before 23.01.01. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-45087 |
CVE-2015-10078 | A vulnerability, which was classified as problematic, has been found in atwellpub Resend Welcome Email Plugin 1.0.1. This issue affects the function send_welcome_email_url of the file resend-welcome-email.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is b14c1f66d307783f0ae74f88088a85999107695c. It is recommended to upgrade the affected component. The identifier VDB-220637 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2015-10078 |
CVE-2023-23553 | Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-23553 |
CVE-2022-45285 | Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-45285 |
CVE-2022-4905 | A vulnerability was found in UDX Stateless Media Plugin 3.1.1. It has been declared as problematic. This vulnerability affects the function setup_wizard_interface of the file lib/classes/class-settings.php. The manipulation of the argument settings leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.2.0 is able to address this issue. The name of the patch is 6aee7ae0b0beeb2232ce6e1c82aa7e2041ae151a. It is recommended to upgrade the affected component. VDB-220750 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4905 |
CVE-2023-24086 | SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-24086 |
CVE-2023-24648 | Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-24648 |
CVE-2023-25241 | bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25241 |
CVE-2015-10079 | A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rated as problematic. This issue affects the function parseLinks of the file public/parser.js. The manipulation of the argument text leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 0.0.3 is able to address this issue. The name of the patch is 45fd885895ae13e8d9b3a71e89d59768914f60af. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220751. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2015-10079 |
CVE-2022-4286 | A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the user's browser session. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4286 |
CVE-2023-22932 | In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22932 |
CVE-2023-22933 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag. The vulnerability affects instances with Splunk Web enabled. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22933 |
CVE-2022-47373 | Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises in the forget password functionality, in which the username parameter does not have proper input validation/sanitization, which results in execution of a malicious JavaScript payload. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-47373 |
CVE-2022-25978 | All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25978 |
CVE-2023-23467 | Media CP Media Control Panel latest version. Reflected XSS possible through unspecified endpoint. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-23467 |
CVE-2022-45543 | Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-45543 |
CVE-2022-30304 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-30304 |
CVE-2022-38376 | Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-38376 |
CVE-2022-41334 | An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack via the "redir" parameter of the URL seen when the "Sign in with FortiCloud" button is clicked. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-41334 |
CVE-2022-48324 | Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) pesquisa, (2) data, (3) data2, (4) nome, (5) descricao, (6) idDocumentos, (7) id in file application/controllers/Arquivos.php; (8) senha, (9) nomeCliente, (10) contato, (11) documento, (12) telefone, (13) celular, (14) email, (15) rua, (16) numero, (17) complemento, (18) bairro, (19) cidade, (20) estado, (21) cep, (22) idClientes, (23) id in file application/controllers/Clientes.php; (24) id, (25) tipo, (26) forma_pagamento, (27) gateway_de_pagamento, (28) excluir_id, (29) confirma_id, (30) cancela_id in file application/controllers/Cobrancas.php; (31) vencimento_de, (32) vencimento_ate, (33) cliente, (34) tipo, (35) status, (36) valor_desconto, (37) desconto, (38) periodo, (39) per_page, (40) urlAtual, (41) vencimento, (42) recebimento, (43) valor, (44) recebido, (45) formaPgto, (46) desconto_parc, (47) entrada, (48) qtdparcelas_parc, (49) valor_parc, (50) dia_pgto, (51) dia_base_pgto, (52) comissao, (53) descricao_parc, (54) cliente_parc, (55) observacoes_parc, (56) formaPgto_parc, (57) tipo_parc, (58) pagamento, (59) pago, (60) valor_desconto_editar, (61) descricao, (62) fornecedor, (63) observacoes, (64) id in file application/controllers/Financeiro.php; (65) refGarantia, (66) textoGarantia, (67) idGarantias in file application/controllers/Garantias.php; (68) email, (69) senha in file application/controllers/Login.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-48324 |
CVE-2022-48325 | Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) year, (2) oldSenha, (3) novaSenha, (4) termo, (5) nome, (6) cnpj, (7) ie, (8) cep, (9) logradouro, (10) numero, (11) bairro, (12) cidade, (13) uf, (14) telefone, (15) email, (16) id, (17) app_name, (18) per_page, (19) app_theme, (20) os_notification, (21) email_automatico, (22) control_estoque, (23) notifica_whats, (24) control_baixa, (25) control_editos, (26) control_edit_vendas, (27) control_datatable, (28) pix_key, (29) os_status_list, (30) control_2vias, (31) status, (32) start, (33) end in file application/controllers/Mapos.php; (34) token, (35) senha, (36) email, (37) nomeCliente, (38) documento, (39) telefone, (40) celular, (41) rua, (42) numero, (43) complemento, (44) bairro, (45) cidade, (46) estado, (47) cep, (48) idClientes, (49) descricaoProduto, (50) defeito in file application/controllers/Mine.php; (51) pesquisa, (52) status, (53) data, (54) data2, (55) dataInicial, (56) dataFinal, (57) termoGarantia, (58) garantias_id, (59) clientes_id, (60) usuarios_id, (61) idOs, (62) garantia, (63) descricaoProduto, (64) defeito, (65) observacoes, (66) laudoTecnico, (67) id, (68) preco, (69) quantidade, (70) idProduto, (71) idOsProduto, (72) produto, (73) idServico, (74) idOsServico, (75) desconto, (76) tipoDesconto, (77) resultado, (78) vencimento, (79) recebimento, (80) os_id, (81) valor, (82) recebido, (83) formaPgto, (84) tipo, (85) anotacao, (86) idAnotacao in file application/controllers/Os.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-48325 |
CVE-2022-48326 | Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) nome, (2) aCliente, (3) eCliente, (4) dCliente, (5) vCliente, (6) aProduto, (7) eProduto, (8) dProduto, (9) vProduto, (10) aServico, (11) eServico, (12) dServico, (13) vServico, (14) aOs, (15) eOs, (16) dOs, (17) vOs, (18) aVenda, (19) eVenda, (20) dVenda, (21) vVenda, (22) aGarantia, (23) eGarantia, (24) dGarantia, (25) vGarantia, (26) aArquivo, (27) eArquivo, (28) dArquivo, (29) vArquivo, (30) aPagamento, (31) ePagamento, (32) dPagamento, (33) vPagamento, (34) aLancamento, (35) eLancamento, (36) dLancamento, (37) vLancamento, (38) cUsuario, (39) cEmitente, (40) cPermissao, (41) cBackup, (42) cAuditoria, (43) cEmail, (44) cSistema, (45) rCliente, (46) rProduto, (47) rServico, (48) rOs, (49) rVenda, (50) rFinanceiro, (51) aCobranca, (52) eCobranca, (53) dCobranca, (54) vCobranca, (55) situacao, (56) idPermissao, (57) id in file application/controllers/Permissoes.php; (58) precoCompra, (59) precoVenda, (60) descricao, (61) unidade, (62) estoque, (63) estoqueMinimo, (64) idProdutos, (65) id, (66) estoqueAtual in file application/controllers/Produtos.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-48326 |
CVE-2022-48327 | Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) dataInicial, (2) dataFinal, (3) tipocliente, (4) format, (5) precoInicial, (6) precoFinal, (7) estoqueInicial, (8) estoqueFinal, (9) de_id, (10) ate_id, (11) clientes_id, (12) origem, (13) cliente, (14) responsavel, (15) status, (16) tipo, (17) situacao in file application/controllers/Relatorios.php; (18) preco, (19) nome, (20) descricao, (21) idServicos, (22) id in file application/controllers/Servicos.php; (23) senha, (24) permissoes_id, (25) idUsuarios, (26) situacao, (27) nome, (28) rg, (29) cpf, (30) cep, (31) rua, (32) numero, (33) bairro, (34) cidade, (35) estado, (36) email, (37) telefone, (38) celular in file application/controllers/Usuarios.php; (39) dataVenda, (40) observacoes, (41) observacoes_cliente, (42) clientes_id, (43) usuarios_id, (44) idVendas, (45) id, (46) idVendasProduto, (47) preco, (48) quantidade, (49) idProduto, (50) produto, (51) desconto, (52) tipoDesconto, (53) resultado, (54) vendas_id, (55) vencimento, (56) recebimento, (57) valor, (58) recebido, (59) formaPgto, (60) tipo in file application/controllers/Vendas.php; (61) situacao, (62) periodo, (63) vencimento_de, (64) vencimento_ate, (65) tipo, (66) status, (67) cliente in file application/views/financeiro/lancamentos.php; (68) year in file application/views/mapos/painel.php; (69) pesquisa in file application/views/os/os.php; (70) etiquetaCode in file application/views/relatorios/imprimir/imprimirEtiquetas.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-48327 |
CVE-2019-17003 | Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-17003 |
CVE-2021-23980 | A mutation XSS affects users calling bleach.clean with all of: (1) svg or math in the allowed tags; (2) p or br in allowed tags; (3) style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags; (4) the keyword argument strip_comments=False. Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-23980 |
CVE-2022-0637 | There was an open redirection vulnerability in pollbot, which was used in https://pollbot.services.mozilla.com/ and https://pollbot.stage.mozaws.net/. An attacker could have redirected anyone to malicious sites. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0637 |
CVE-2023-0878 | Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0878 |
CVE-2023-24369 | A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-24369 |
CVE-2023-23921 | A vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-23921 |
CVE-2023-23922 | A vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-23922 |
CVE-2022-48115 | The dropdown menu in jspreadsheet before v4.6.0 was discovered to be vulnerable to cross-site scripting (XSS). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-48115 |
CVE-2012-10007 | A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file ShareBox.php. The manipulation of the argument content/link/shares leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.8 is able to address this issue. The name of the patch is 7d5b9a89a27711aad76fd55ab4cc4185b545a1d0. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221479. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2012-10007 |
CVE-2014-125088 | A vulnerability was found in qt-users-jp silk 0.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file contents/root/examples/header.qml. The manipulation of the argument model.key/model.value leads to cross site scripting. The attack can be initiated remotely. The name of the patch is bbc5d6eeea800025ef29edda3fd3c57836239eae. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221488. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2014-125088 |
CVE-2015-10080 | A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been classified as problematic. This affects an unknown part of the component Admin Data Table Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 0.8.0 is able to address this issue. The name of the patch is f53a9fb87e10c457f0f3dd4f2af24d3b2f21b3ca. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221487. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2015-10080 |
CVE-2023-26235 | JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.java. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26235 |
CVE-2022-4897 | The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4897 |
CVE-2023-0428 | The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0428 |
CVE-2023-0442 | The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject javascript into the site via a crafted URL. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0442 |
CVE-2022-45137 | The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that target the user's browser. This leads to a limited impact on confidentiality and integrity but no impact on availability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-45137 |
CVE-2022-38378 | An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2022-38378 |
CVE-2020-10941 | Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-10941 |
CVE-2020-14954 | Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-14954 |
CVE-2021-3537 | A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-3537 |
CVE-2022-29224 | Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-29224 |
CVE-2022-42818 | This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-42818 |
CVE-2022-43603 | A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-43603 |
CVE-2022-4304 | A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-4304 |
CVE-2023-22367 | Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22367 |
CVE-2022-22564 | Dell EMC Unity versions before 5.2.0.0.5.173 use a broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-22564 |
CVE-2023-25171 | Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users in Kiwi TCMS. Additionally that may strain SMTP resources. Users should upgrade to v12.0 or later to receive a patch. As potential workarounds, users may install and configure a rate-limiting proxy in front of Kiwi TCMS and/or configure rate limits on their email server when possible. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-25171 |
CVE-2020-12413 | The Raccoon attack is a timing attack on DHE ciphersuites inherent in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-12413 |
CVE-2023-23695 | Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-23695 |
CVE-2019-14680 | The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2019-14680 |
CVE-2019-14683 | The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2019-14683 |
CVE-2020-4048 | In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-4048 |
CVE-2022-27774 | An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: when following HTTP(S) redirects is used with authentication, curl could leak credentials to other services that exist on different protocols or port numbers. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-27774 |
CVE-2022-34397 | Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-34397 |
CVE-2023-22940 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’, ‘mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-22940 |
CVE-2023-21693 | Microsoft PostScript Printer Driver Information Disclosure Vulnerability | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21693 |
CVE-2023-21567 | Visual Studio Denial of Service Vulnerability | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-21567 |
CVE-2018-3634 | Parameter corruption in NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3634 |
CVE-2018-3770 | A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3770 |
CVE-2019-7664 | In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-7664 |
CVE-2019-7222 | The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-7222 |
CVE-2019-10649 | In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10649 |
CVE-2019-12975 | ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-12975 |
CVE-2019-12976 | ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-12976 |
CVE-2019-12804 | In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-12804 |
CVE-2019-1010302 | jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1010302 |
CVE-2019-10398 | Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10398 |
CVE-2019-10419 | Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10419 |
CVE-2019-10420 | Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10420 |
CVE-2019-10423 | Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10423 |
CVE-2019-10424 | Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10424 |
CVE-2020-10177 | Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-10177 |
CVE-2020-10378 | In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-10378 |
CVE-2020-10994 | In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-10994 |
CVE-2020-16150 | A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-16150 |
CVE-2020-0404 | In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111893654. References: Upstream kernel. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-0404 |
CVE-2021-29458 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-29458 |
CVE-2021-36373 | When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-36373 |
CVE-2021-36374 | When reading a specially crafted ZIP archive, or a derived format, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-36374 |
CVE-2020-21676 | A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-21676 |
CVE-2020-21529 | fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-21529 |
CVE-2020-21531 | fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-21531 |
CVE-2020-21532 | fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-21532 |
CVE-2021-32280 | An issue was discovered in fig2dev before 3.2.8. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32280 |
CVE-2021-42715 | An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42715 |
CVE-2021-43389 | An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43389 |
CVE-2022-22946 | In spring cloud gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22946 |
CVE-2022-1056 | Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1056 |
CVE-2022-1623 | LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1623 |
CVE-2022-31650 | In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31650 |
CVE-2022-31651 | In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31651 |
CVE-2022-31783 | Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31783 |
CVE-2022-2318 | There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2318 |
CVE-2022-2867 | libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2867 |
CVE-2022-2868 | libtiff's tiffcrop utility has an improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2868 |
CVE-2022-2869 | libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2869 |
CVE-2022-2873 | An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2873 |
CVE-2022-2953 | LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2953 |
CVE-2022-1354 | A heap buffer overflow flaw was found in libtiff's tiffinfo.c in the TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1354 |
CVE-2022-3190 | Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3190 |
CVE-2022-40768 | drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40768 |
CVE-2022-3570 | Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3570 |
CVE-2022-41946 | pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatement.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41946 |
CVE-2022-42783 | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42783 |
CVE-2022-44447 | In wlan driver, there is a possible null pointer dereference issue due to a missing bounds check. This could lead to local denial of service in wlan services. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-44447 |
CVE-2022-44448 | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-44448 |
CVE-2022-47451 | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47451 |
CVE-2022-47452 | In gnss driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47452 |
CVE-2023-24619 | Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versions are 22.3.12, 22.2.10, and 22.1.12. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24619 |
CVE-2023-0818 | Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0818 |
CVE-2023-0795 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0795 |
CVE-2023-0796 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0796 |
CVE-2023-0797 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0797 |
CVE-2023-0798 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0798 |
CVE-2023-0799 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0799 |
CVE-2023-0800 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0800 |
CVE-2023-0801 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0801 |
CVE-2023-0802 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0802 |
CVE-2023-0803 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0803 |
CVE-2023-0804 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0804 |
CVE-2023-24565 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V2023Update2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted STL file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19428) | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24565 |
CVE-2023-21687 | HTTP.sys Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21687 |
CVE-2023-21697 | Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21697 |
CVE-2023-21714 | Microsoft Office Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21714 |
CVE-2023-22490 | Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22490 |
CVE-2023-20949 | In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-259323133. References: N/A | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20949 |
CVE-2022-45154 | A Cleartext Storage of Sensitive Information vulnerability in supportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials. This issue (CWE-312: Cleartext Storage of Sensitive Information) affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1 and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45154 |
CVE-2022-45586 | Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45586 |
CVE-2022-45587 | Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45587 |
CVE-2023-25153 | containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25153 |
CVE-2023-24484 | A malicious user can cause log files to be written to a directory that they do not have permission to write to. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24484 |
CVE-2022-26509 | Improper conditions check in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26509 |
CVE-2022-31476 | Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31476 |
CVE-2022-35883 | NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35883 |
CVE-2022-36289 | Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36289 |
CVE-2023-23586 | Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a time namespace's vvar page to process's memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process' memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit 788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23586 |
CVE-2023-24964 | IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from log files. IBM X-Force ID: 246463. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24964 |
CVE-2023-24785 | An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a denial of service via the End of Archive tag function of the peazip/pea UNPEA feature. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24785 |
CVE-2023-24809 | NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash. This issue is resolved in NetHack 3.6.7. There are no known workarounds. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24809 |
CVE-2023-21577 | Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21577 |
CVE-2023-21578 | Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21578 |
CVE-2023-21583 | Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21583 |
CVE-2023-21593 | Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21593 |
CVE-2023-22231 | Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22231 |
CVE-2023-22233 | After Effects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22233 |
CVE-2021-32843 | HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, `virtio.c` has a call to `vc_cfgread` that does not check for null, which when called makes the host crash. This issue may lead to a guest crashing the host, causing a denial of service. This issue is fixed in commit df0e46c7dbfd81a957d85e449ba41b52f6f7beb4. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32843 |
CVE-2021-32844 | HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, `vi_pci_write` has a call to `vc_cfgwrite` that does not check for null, which when called makes the host crash. This issue may lead to a guest crashing the host, causing a denial of service. This issue is fixed in commit 451558fe8aaa8b24e02e34106e3bb9fe41d7ad13. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32844 |
CVE-2016-15024 | A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-15024 |
CVE-2018-3717 | connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-3717 |
CVE-2019-7553 | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-7553 |
CVE-2019-1010124 | WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to RCE via editing theme files in WordPress. The component is: admin/partials/woo-feed-manage-list.php:63. The attack vector is: Administrator must be logged in. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-1010124 |
CVE-2019-14787 | The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-14787 |
CVE-2019-14948 | The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-14948 |
CVE-2019-5467 | An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-5467 |
CVE-2019-10395 | Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10395 |
CVE-2019-10396 | Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10396 |
CVE-2016-10953 | The Headway theme before 3.8.9 for WordPress has XSS via the license key field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2016-10953 |
CVE-2019-4342 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-4342 |
CVE-2019-10402 | In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10402 |
CVE-2019-10403 | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10403 |
CVE-2019-10404 | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue item is blocked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10404 |
CVE-2019-10405 | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10405 |
CVE-2019-10410 | Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10410 |
CVE-2019-19306 | The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-19306 |
CVE-2020-4051 | In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-4051 |
CVE-2020-25270 | PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-25270 |
CVE-2020-9390 | SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in iframe or by uploading an SVG that contained a script. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-9390 |
CVE-2020-5000 | IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-5000 |
CVE-2018-25034 | A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation of the argument ServiceSetIdentifier with the input >--redacted-- as part of POST Request leads to basic cross site scripting (Persistent). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-126695 | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-25034 |
CVE-2022-2113 | Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-2113 |
CVE-2018-25047 | In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-25047 |
CVE-2022-3934 | The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-3934 |
CVE-2022-43980 | There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS payload will be executed. The exploitation of this vulnerability could allow an attacker to steal the value of the admin user's cookie. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-43980 |
CVE-2023-0780 | Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0780 |
CVE-2022-45086 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issue affects Smartpower Web: before 23.01.01. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-45086 |
CVE-2022-45091 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issue affects Smartpower Web: before 23.01.01. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-45091 |
CVE-2023-0787 | Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0787 |
CVE-2023-0791 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0791 |
CVE-2023-0792 | Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0792 |
CVE-2023-0794 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0794 |
CVE-2023-25727 | In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25727 |
CVE-2022-45724 | Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-45724 |
CVE-2022-4448 | The GiveWP WordPress plugin before 2.24.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4448 |
CVE-2022-4458 | The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4458 |
CVE-2022-4471 | The YARPP WordPress plugin through 5.30.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4471 |
CVE-2022-4473 | The Widget Shortcode WordPress plugin through 0.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4473 |
CVE-2022-4488 | The Widgets on Pages WordPress plugin through 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4488 |
CVE-2022-4512 | The Better Font Awesome WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4512 |
CVE-2022-4551 | The Rich Table of Contents WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4551 |
CVE-2022-4562 | The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4562 |
CVE-2022-4580 | The Twenty20 Image Before-After WordPress plugin through 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4580 |
CVE-2022-4628 | The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4628 |
CVE-2022-4656 | The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4656 |
CVE-2022-4678 | The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4678 |
CVE-2022-4682 | The Lightbox Gallery WordPress plugin before 0.9.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4682 |
CVE-2022-4759 | The GigPress WordPress plugin before 2.3.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4759 |
CVE-2022-4783 | The Youtube Channel Gallery WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4783 |
CVE-2022-4830 | The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4830 |
CVE-2023-0034 | The JetWidgets For Elementor WordPress plugin through 1.0.13 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0034 |
CVE-2023-0060 | The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0060 |
CVE-2023-0061 | The Judge.me Product Reviews for WooCommerce WordPress plugin before 1.3.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0061 |
CVE-2023-0075 | The Amazon JS WordPress plugin through 0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0075 |
CVE-2023-25572 | react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and using the `<RichTextField>` are affected. `<RichTextField>` outputs the field value using `dangerouslySetInnerHTML` without client-side sanitization. If the data isn't sanitized server-side, this opens a possible cross-site scripting (XSS) attack. Versions 3.19.12 and 4.7.6 now use `DOMPurify` to escape the HTML before outputting it with React and `dangerouslySetInnerHTML`. Users who already sanitize HTML data server-side do not need to upgrade. As a workaround, users may replace the `<RichTextField>` by a custom field doing sanitization by hand. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25572 |
CVE-2023-23856 | In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause a low impact on integrity of the application. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23856 |
CVE-2023-0827 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0827 |
CVE-2023-25571 | Backstage is an open platform for building developer portals. `@backstage/catalog-model` prior to version 1.2.0, `@backstage/core-components` prior to 0.12.4, and `@backstage/plugin-catalog-backend` prior to 1.7.2 are affected by a cross-site scripting vulnerability. This vulnerability allows a malicious actor with access to add or modify content in an instance of the Backstage software catalog to inject script URLs in the entities stored in the catalog. If users of the catalog then click on said URLs, that can lead to an XSS attack. This vulnerability has been patched in both the frontend and backend implementations. The default `Link` component from `@backstage/core-components` version 1.2.0 and greater will now reject `javascript\:` URLs, and there is a global override of `window.open` to do the same. In addition, the catalog model v0.12.4 and greater as well as the catalog backend v1.7.2 and greater now has additional validation built in that prevents `javascript\:` URLs in known annotations. As a workaround, the general practice of limiting access to modifying catalog content and requiring code reviews greatly help mitigate this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25571 |
CVE-2023-21570 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-21570 |
CVE-2023-21571 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-21571 |
CVE-2023-21573 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-21573 |
CVE-2022-47372 | Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-47372 |
CVE-2023-0840 | A vulnerability classified as problematic was found in PHPCrazy 1.1.1. This vulnerability affects unknown code of the file admin/admin.php?action=users&mode=info&user=2. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221086 is the identifier assigned to this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0840 |
CVE-2023-25761 | Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25761 |
CVE-2023-25762 | Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25762 |
CVE-2023-25763 | Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25763 |
CVE-2023-25764 | Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25764 |
CVE-2021-40555 | Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-40555 |
CVE-2023-23936 | Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23936 |
CVE-2022-42472 | An improper neutralization of CRLF sequences in HTTP headers ('HTTP response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-42472 |
CVE-2023-22638 | Several improper neutralization of inputs during web page generation vulnerabilities [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22638 |
CVE-2023-0879 | Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0879 |
CVE-2023-24388 | Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-24388 |
CVE-2023-22868 | IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22868 |
CVE-2022-43579 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238684. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-43579 |
CVE-2023-24769 | Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-24769 |
CVE-2022-40348 | Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-40348 |
CVE-2020-36656 | The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-36656 |
CVE-2022-4622 | The Login Logout Menu WordPress plugin through 1.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4622 |
CVE-2022-4714 | The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4714 |
CVE-2022-4750 | The WP Responsive Testimonials Slider And Widget WordPress plugin through 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4750 |
CVE-2022-4752 | The Opening Hours WordPress plugin through 2.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4752 |
CVE-2022-4754 | The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4754 |
CVE-2022-4761 | The Post Views Count WordPress plugin through 3.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4761 |
CVE-2022-4764 | The Simple File Downloader WordPress plugin through 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4764 |
CVE-2022-4777 | The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4777 |
CVE-2022-4784 | The Hueman Addons WordPress plugin through 2.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4784 |
CVE-2022-4785 | The Video Sidebar Widgets WordPress plugin through 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4785 |
CVE-2022-4786 | The Video.js WordPress plugin through 4.5.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4786 |
CVE-2022-4791 | The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4791 |
CVE-2023-0059 | The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0059 |
CVE-2023-0067 | The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0067 |
CVE-2023-0231 | The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0231 |
CVE-2023-0271 | The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0271 |
CVE-2023-0285 | The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0285 |
CVE-2023-0366 | The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0366 |
CVE-2023-0371 | The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0371 |
CVE-2023-0372 | The EmbedStories WordPress plugin before 0.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0372 |
CVE-2023-0375 | The Easy Affiliate Links WordPress plugin before 3.7.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0375 |
CVE-2023-0378 | The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0378 |
CVE-2023-0380 | The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0380 |
CVE-2023-0419 | The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0419 |
CVE-2018-3718 | serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-3718 |
CVE-2018-3778 | Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-3778 |
CVE-2018-3776 | Improper input validation in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-3776 |
CVE-2018-15473 | OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-15473 |
CVE-2018-20685 | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-20685 |
CVE-2019-11717 | A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-11717 |
CVE-2019-5463 | An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-5463 |
CVE-2020-6812 | The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6812 |
CVE-2021-27515 | url-parse before 1.5.0 mishandles certain uses of backslash such as http:\\/ and interprets the URI as a relative path. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-27515 |
CVE-2021-3664 | url-parse is vulnerable to URL Redirection to Untrusted Site | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-3664 |
CVE-2021-34141 | An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless." | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-34141 |
CVE-2022-22809 | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22809 |
CVE-2022-0512 | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0512 |
CVE-2022-0639 | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0639 |
CVE-2022-0564 | A vulnerability in Qlik Sense Enterprise on Windows could allow a remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response times that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0564 |
CVE-2022-24329 | In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-24329 |
CVE-2022-2097 | AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-2097 |
CVE-2022-32222 | A cryptographic vulnerability exists on Node.js on Linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-32222 |
CVE-2022-3594 | A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3594 |
CVE-2023-22909 | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22909 |
CVE-2022-3891 | The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3891 |
CVE-2023-25159 | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, and Nextcloud Office (Richdocuments) App 6.x prior to 6.3.1 and 7.x prior to 7.0.1 have previews accessible without a watermark. The download should be hidden and the watermark should get applied. This issue is fixed in Nextcloud Server 25.0.1 and 24.0.8, Nextcloud Enterprise Server 25.0.1 and 24.0.8, and Nextcloud Office (Richdocuments) App 7.0.1 (for 25) and 6.3.1 (for 24). No known workarounds are available. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-25159 |
CVE-2023-25160 | Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for Nextcloud 22-24, Mail 1.12.9 for Nextcloud 21, or Mail 1.11.8 for Nextcloud 20 to receive a patch. No known workarounds are available. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-25160 |
CVE-2023-25161 | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 25.0.1, 24.0.8, and 23.0.12 are missing rate limiting on password reset functionality. This could result in service slowdown, storage overflow, or cost impact when using external email services. Users should upgrade to Nextcloud Server 25.0.1, 24.0.8, or 23.0.12 or Nextcloud Enterprise Server 25.0.1, 24.0.8, or 23.0.12 to receive a patch. No known workarounds are available. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-25161 |
CVE-2023-25162 | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeric payloads to bypass IP filters and gain SSRF, which would allow an attacker to read crucial metadata if the server is hosted on the AWS platform. Nextcloud Server 24.0.8 and 23.0.2 and Nextcloud Enterprise Server 24.0.8 and 23.0.12 contain a patch for this issue. No known workarounds are available. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-25162 |
CVE-2023-0655 | SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users' email addresses. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0655 |
CVE-2023-22943 | In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs. The vulnerability affects AoB and apps that AoB generates when using the REST API Modular Input functionality through its user interface. The vulnerability also potentially affects third-party apps and add-ons that call the *cloudconnectlib.splunktacollectorlib.cloud_connect_mod_input* Python class directly. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22943 |
CVE-2023-21699 | Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21699 |
CVE-2023-21720 | Microsoft Edge (Chromium-based) Tampering Vulnerability | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21720 |
CVE-2023-25192 | AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-25192 |
CVE-2022-27891 | Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-27891 |
CVE-2023-23752 | An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-23752 |
CVE-2021-32419 | An issue in Schism Tracker v20200412 fixed in v.20200412 allows attacker to obtain sensitive information via the fmt_mtm_load_song function in fmt/mtm.c. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-32419 |
CVE-2023-0901 | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0901 |
CVE-2023-0914 | Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0914 |
CVE-2022-45139 | A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-45139 |
CVE-2023-21715 | Microsoft Publisher Security Features Bypass Vulnerability | 5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21715 |
CVE-2023-21722 | .NET Framework Denial of Service Vulnerability | 5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21722 |
CVE-2021-24119 | In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-24119 |
CVE-2022-42706 | An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-42706 |
CVE-2022-44299 | SiteServerCMS 7.1.3 sscms has a file read vulnerability. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-44299 |
CVE-2023-0895 | The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-0895 |
CVE-2018-3763 | In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3763 |
CVE-2019-10406 | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10406 |
CVE-2022-36325 | Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36325 |
CVE-2023-0786 | Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0786 |
CVE-2022-45436 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user, create a network map containing name as XSS payload. Once created, admin user must click on the edit network maps and XSS payload will be executed, which could be used for stealing the admin user's cookie value. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45436 |
CVE-2022-45437 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload without interaction and attacker can get information. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45437 |
CVE-2023-0429 | The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0429 |
CVE-2022-41850 | roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-41850 |
CVE-2021-43976 | In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-43976 |
CVE-2023-24499 | Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its use. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-24499 |
CVE-2019-0175 | Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-0175 |
CVE-2019-0177 | Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-0177 |
CVE-2019-0179 | Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-0179 |
CVE-2019-0180 | Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-0180 |
CVE-2021-4002 | A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-4002 |
CVE-2022-24349 | An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24349 |
CVE-2022-24917 | An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24917 |
CVE-2022-24918 | An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24918 |
CVE-2022-24919 | An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24919 |
CVE-2022-34364 | Dell BSAFE SSL-J when used in debug mode can reveal unnecessary information. An attacker could potentially exploit this vulnerability and have access to private information. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34364 |
CVE-2023-24804 | The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-24804 |
CVE-2018-3762 | Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-3762 |
CVE-2019-10408 | A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10408 |
CVE-2019-10421 | Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10421 |
CVE-2020-12397 | By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-12397 |
CVE-2021-21366 | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This is fixed in version 0.5.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21366 |
CVE-2022-0338 | Improper Privilege Management in Conda loguru prior to 0.5.3. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0338 |
CVE-2023-22945 | In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22945 |
CVE-2023-22931 | In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22931 |
CVE-2023-22937 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl. For more information on lookup table files, see [About lookups](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Aboutlookupsandfieldactions). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22937 |
CVE-2023-22938 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22938 |
CVE-2023-22942 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG [App Key Value Store (KV store)](https://docs.splunk.com/Documentation/Splunk/latest/Admin/AboutKVstore) collections using an HTTP GET request. SSG is a Splunk-built app that comes with Splunk Enterprise. The vulnerability affects instances with SSG and Splunk Web enabled. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22942 |
CVE-2023-21794 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21794 |
CVE-2023-25766 | A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-25766 |
CVE-2023-22805 | LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22805 |
CVE-2023-23848 | Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-23848 |
CVE-2023-23850 | A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-23850 |
CVE-2022-38731 | Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type response header reflects the actual content type of the file being requested. This allows an attacker to enumerate files on the local system. Additionally, remote resources can be requested via a UNC path, allowing an attacker to coerce authentication out from the server to the attacker's machine. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-38731 |
CVE-2021-43074 | An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-43074 |
CVE-2022-30299 | A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-30299 |
CVE-2023-0880 | Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0880 |
CVE-2023-23899 | Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-23899 |
CVE-2022-4385 | The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4385 |
CVE-2022-4386 | The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4386 |
CVE-2022-41849 | drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. | 4.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-41849 |
CVE-2022-24410 | Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces. | 4.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-24410 |
CVE-2023-25758 | Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP network). NOTE: the vendor states that "our hardware team has updated the security patch without anyone being affected." | 4.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-25758 |
CVE-2023-0091 | A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information. | 3.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0091 |
CVE-2022-48307 | It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of a successful man in the middle attack on magritte-ftp, an attacker would be able to read and modify network traffic such as authentication tokens or raw data entering a Palantir Foundry stack. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-48307 |
CVE-2022-48308 | It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-48308 |
CVE-2021-45486 | In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45486 |
CVE-2023-23934 | Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as `__Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23934 |
CVE-2023-23847 | A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23847 |
CVE-2023-0919 | Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0919 |
CVE-2019-0183 | Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-0183 |
CVE-2022-3629 | A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3629 |
CVE-2022-3633 | A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3633 |
CVE-2022-41977 | An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-41977 |
CVE-2023-23697 | Dell Command \| Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-23697 |
CVE-2023-24572 | Dell Command \| Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-24572 |
CVE-2022-29054 | A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29054 |
CVE-2020-14394 | An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. | 3.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-14394 |
CVE-2020-4050 | In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). | 3.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-4050 |
CVE-2021-2175 | Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any View, Select Any View privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-2175 |
CVE-2021-35576 | Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Oracle Net to compromise Oracle Database Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-35576 |
CVE-2022-3521 | A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability. | 2.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3521 |
CVE-2007-3278 | PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2007-3278 |
CVE-2010-0442 | The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow." | – | https://nvd.nist.gov/vuln/detail/CVE-2010-0442 |
CVE-2013-4843 | Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-4843 |
CVE-2015-2906 | Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-2906 |
CVE-2015-5289 | Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-5289 |
CVE-2023-24998 | Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24998 |
CVE-2022-48337 | GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48337 |
CVE-2022-48338 | An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48338 |
CVE-2022-48339 | An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48339 |
CVE-2022-4669 | The Page Builder: Live Composer WordPress plugin before 1.5.23 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4669 |
CVE-2015-10085 | A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is b91aa4674d460993765884e8463c70e6d886bc90. It is recommended to apply a patch to fix this issue. VDB-221506 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-10085 |
CVE-2022-48282 | Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and including v2.18.0 | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48282 |
CVE-2023-0942 | The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0942 |
CVE-2017-20179 | A vulnerability was found in InSTEDD Pollit 2.3.1. It has been rated as critical. This issue affects the function TourController of the file app/controllers/tour_controller.rb. The manipulation leads to an unknown weakness. The attack may be initiated remotely. Upgrading to version 2.3.2 is able to address this issue. The name of the patch is 6ef04f8b5972d5f16f8b86f8b53f62fac68d5498. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221507. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20179 |
CVE-2022-46637 | Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46637 |
CVE-2023-0945 | A vulnerability, which was classified as problematic, was found in SourceCodester Best POS Management System 1.0. Affected is an unknown function of the file index.php?page=add-category. The manipulation of the argument Name with the input `"><img src=x onerror=prompt(document.domain);>` leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221592. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0945 |
CVE-2023-25158 | GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25158 |
CVE-2023-25810 | Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25810 |
CVE-2023-25811 | Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma `name` parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25811 |
CVE-2023-25812 | Minio is a Multi-Cloud Object Storage framework. Affected versions do not correctly honor a `Deny` policy on ByPassGoverance. Ideally, minio should return "Access Denied" to all users attempting to DELETE a versionId with the special header `X-Amz-Bypass-Governance-Retention: true`. However, this was not honored; instead the request will be honored and an object under governance would be incorrectly deleted. All users are advised to upgrade. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25812 |
CVE-2023-24320 | An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24320 |
CVE-2023-25157 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate `strEndsWith`, `strStartsWith` and `PropertyIsLike` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the `FeatureId` misuse. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25157 |
CVE-2023-24080 | A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24080 |
CVE-2023-24081 | Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24081 |
CVE-2021-4325 | A vulnerability, which was classified as problematic, has been found in NHN TOAST UI Chart 4.1.4. This issue affects some unknown processing of the component Legend Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.0 is able to address this issue. The name of the patch is 1a3f455d17df379e11b501bb5ba1dd1bcc41d63e. It is recommended to upgrade the affected component. The identifier VDB-221501 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-4325 |
CVE-2022-38779 | An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-38779 |
CVE-2023-20855 | VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20855 |
CVE-2023-20858 | VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20858 |
CVE-2022-2883 | In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2883 |
CVE-2023-0947 | Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0947 |
CVE-2023-24107 | hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24107 |
CVE-2023-24108 | MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24108 |
CVE-2023-26314 | The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26314 |
CVE-2023-0949 | Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0949 |
CVE-2022-41216 | Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential information from the system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41216 |
CVE-2022-41217 | Cloudflow contains an unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41217 |
CVE-2023-23063 | Cellinx NVT v1.0.6.002b is vulnerable to local file disclosure. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23063 |
CVE-2023-23039 | An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove(). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23039 |
CVE-2023-23040 | TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23040 |
CVE-2022-41565 | The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.21 and below, versions 6.0.11 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.2.0 and below. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41565 |
CVE-2022-41566 | The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.6.0 and below. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41566 |
CVE-2022-41567 | The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41567 |
CVE-2022-43578 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238683. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-43578 |
CVE-2022-43870 | IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-43870 |
CVE-2022-43873 | An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-43873 |
CVE-2023-0960 | A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/config.ftp.php of the component Picture Management. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-221630 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0960 |
CVE-2023-26214 | The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26214 |
CVE-2023-0846 | Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0846 |
CVE-2023-0961 | A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. This affects an unknown part of the file view_music_details.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221631. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0961 |
CVE-2023-0962 | A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file Master.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221632. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0962 |
CVE-2023-0963 | A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221633 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0963 |
CVE-2023-0964 | A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-221634 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0964 |
CVE-2023-25154 | Misskey is an open source, decentralized social media platform. In versions prior to 13.5.0 the link to the instance to the sender that appears when viewing a user or note received through ActivityPub is not properly validated, so by inserting a URL with a javascript scheme an attacker may execute JavaScript code in the context of the recipient. This issue has been fixed in version 13.5.0. Users are advised to upgrade. Users unable to upgrade should not "view on remote" for untrusted instances. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25154 |
CVE-2023-25579 | Nextcloud server is a self hosted home cloud product. In affected versions the `OC\\Files\\Node\\Folder::getFullPath()` function was validating and normalizing the string in the wrong order. The function is used in the `newFile()` and `newFolder()` items, which may allow the creation of paths outside of one's own space and the overwriting of data from other users with crafted paths. This issue has been addressed in versions 25.0.2, 24.0.8, and 23.0.12. Users are advised to upgrade. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25579 |
CVE-2023-25813 | Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the `replacements` and the `where` option in the same query. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25813 |
CVE-2023-0927 | Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0927 |
CVE-2023-24093 | An access control issue in H3C A210-G A210-GV100R005 allows attackers to authenticate without a password. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24093 |
CVE-2023-24810 | Misskey is an open source, decentralized social media platform. Due to insufficient validation of the redirect URL during `miauth` authentication in Misskey, arbitrary JavaScript can be executed when a user allows the link. All versions below 13.3.1 (including 12.x) are affected. This has been fixed in version 13.3.1. Users are advised to upgrade. Users unable to upgrade should not allow authentication of untrusted apps. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24810 |
CVE-2023-24811 | Misskey is an open source, decentralized social media platform. In versions prior to 13.3.2 the URL preview function is subject to a cross site scripting vulnerability due to insufficient URL validation. Arbitrary JavaScript is executed when a malicious URL is loaded in the `View in Player` or `View in Window` preview. This has been fixed in version 13.3.2. Users are advised to upgrade. Users unable to upgrade should avoid usage of the `View in Player` or `View in Window` functions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24811 |
CVE-2023-24812 | Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag (notes/search-by-tag). This has been fixed in version 13.3.3. Users are advised to upgrade. Users unable to upgrade should block access to the `api/notes/search-by-tag` endpoint. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24812 |
CVE-2021-33367 | Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33367 |
CVE-2022-29273 | pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29273 |
CVE-2023-0104 | The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0104 |
CVE-2023-22972 | A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22972 |
CVE-2023-22973 | A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22973 |
CVE-2023-22974 | A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22974 |
CVE-2023-24114 | typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24114 |
CVE-2022-39983 | File upload vulnerability in Instantdeveloper RD3 22.0.8500, allows attackers to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-39983 |
CVE-2022-45599 | Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /var/www/login.php, which allows attackers to gain escalated privileges only when specific conditions regarding a given account's hashed password are met. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45599 |
CVE-2022-45600 | Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45600 |
CVE-2022-48149 | Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48149 |
CVE-2023-26302 | Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26302 |
CVE-2023-26303 | Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26303 |
CVE-2022-48341 | ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48341 |
CVE-2023-26462 | ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26462 |
CVE-2023-0939 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NTN Information Technologies Online Services Software allows SQL Injection. This issue affects Online Services Software: before 1.17. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0939 |
CVE-2023-25621 | Privilege Escalation vulnerability in Apache Software Foundation Apache Sling. Any content author is able to create i18n dictionaries in the repository in a location the author has write access to. As these translations are used across the whole product, it allows an author to change any text or dialog in the product. For example an attacker might fool someone by changing the text on a delete button to "Info". This issue affects the i18n module of Apache Sling up to version 2.5.18. Version 2.6.2 and higher limit by default i18n dictionaries to certain paths in the repository (/libs and /apps). Users of the module are advised to update to version 2.6.2 or higher, check the configuration for resource loading and then adjust the access permissions for the configured path accordingly. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25621 |
CVE-2022-2504 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SDD Computer Software SDD-Baro allows SQL Injection. This issue affects SDD-Baro: before 2.8.432. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2504 |
CVE-2023-0980 | A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/registrations/update_status.php of the component Status Update Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221675. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0980 |
CVE-2023-0981 | A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been classified as critical. Affected is an unknown function of the component Delete User. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221676. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0981 |
CVE-2023-0982 | A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Add Class Entry. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-221677 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0982 |
CVE-2023-0815 | Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0815 |
CVE-2023-0867 | Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0867 |
CVE-2023-0868 | Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0868 |
CVE-2023-0869 | Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0869 |
CVE-2023-23659 | Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Extension <= 4.0.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23659 |
CVE-2023-24384 | Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24384 |
CVE-2022-48342 | In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48342 |
CVE-2022-48343 | In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48343 |
CVE-2022-48344 | In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48344 |
CVE-2023-0986 | A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/?page=user/manage_user of the component Edit User. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221679. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0986 |
CVE-2023-0987 | A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file index.php?page=checkout. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221680. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0987 |
CVE-2023-0988 | A vulnerability, which was classified as problematic, has been found in SourceCodester Online Pizza Ordering System 1.0. This issue affects some unknown processing of the file admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221681 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0988 |
CVE-2023-24104 | Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24104 |
CVE-2023-24415 | Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud ChatBot plugin <= 4.2.8 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24415 |
CVE-2023-22476 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There are no workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22476 |
CVE-2022-3219 | GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3219 |
CVE-2022-46786 | SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46786 |
CVE-2022-4492 | The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4492 |
CVE-2023-0044 | If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to information disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0044 |
CVE-2023-0597 | A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0597 |
CVE-2023-20011 | A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20011 |
CVE-2023-20012 | A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the attacker to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20012 |
CVE-2023-20015 | A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute unauthorized commands within the CLI. An attacker with Administrator privileges could also execute arbitrary commands on the underlying operating system of Cisco UCS 6400 and 6500 Series Fabric Interconnects with root-level privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20015 |
CVE-2023-20016 | A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20016 |
CVE-2023-20050 | A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20050 |
CVE-2023-20089 | A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads. Note: This vulnerability cannot be exploited by transit traffic through the device. The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20089 |
CVE-2023-23914 | A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly be ignored by subsequent transfers when done on the same command line because the state would not be properly carried on. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23914 |
CVE-2023-23915 | A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recently completed transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23915 |
CVE-2023-23916 | An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23916 |
CVE-2023-23917 | A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may increase the impact of XSS to RCE which is dangerous for self-hosted users as well. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23917 |
CVE-2023-23918 | A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23918 |
CVE-2023-23919 | A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23919 |
CVE-2023-23920 | An untrusted search path vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23920 |
CVE-2023-24317 | Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24317 |
CVE-2023-26325 | The 'rx_export_review' action in the ReviewX WordPress Plugin version < 1.6.4, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26325 |
CVE-2023-26326 | The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26326 |
CVE-2022-36231 | pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-36231 |
CVE-2022-46784 | SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows open redirection. (The issue was originally found in 5.5.1 GA.) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46784 |
CVE-2022-46785 | SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 1 of 2). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46785 |
CVE-2023-0754 | The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0754 |
CVE-2023-0755 | The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0755 |
CVE-2023-24205 | Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24205 |
CVE-2023-25823 | Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links (i.e. creating a Gradio app and then setting `share=True`), a private SSH key is sent to any user that connects to the Gradio machine, which means that a user could access other users' shared Gradio demos. From there, other exploits are possible depending on the level of access/exposure the Gradio app provides. This issue is patched in version 3.13.1, however, users are recommended to update to 3.19.1 or later where the FRP solution has been properly tested. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25823 |
CVE-2023-25824 | Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This could be exploited for denial of service attacks. If trace level logging was enabled, it would also produce an excessive amount of log output during the loop, consuming disk space. The problem has been fixed in commit d7eec4e598158ab6a98bf505354e84352f9715ec, please update to version 0.12.1. There are no workarounds, users who cannot update should apply the errno fix detailed in the security advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25824 |
CVE-2023-23294 | Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23294 |
CVE-2023-23295 | Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker can modify the sysCmd parameter in order to execute commands as root. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23295 |
CVE-2023-23296 | Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23296 |
CVE-2023-24212 | Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24212 |
CVE-2023-26468 | Cerebrate 1.12 does not properly consider organisation_id during creation of API keys. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26468 |
CVE-2022-46440 | ttftool v0.9.2 was discovered to contain a segmentation violation via the readU16 function at ttf.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46440 |
CVE-2023-0994 | Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0994 |
CVE-2023-0995 | Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to v2.0.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0995 |
CVE-2023-0996 | There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0996 |
CVE-2022-1607 | Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery. This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1607 |
CVE-2023-26102 | All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26102 |
CVE-2022-48345 | sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48345 |
CVE-2023-22425 | Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22425 |
CVE-2023-22427 | Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22427 |
CVE-2023-0997 | A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Moosikay/order.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221732. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0997 |
CVE-2023-0998 | A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221733 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0998 |
CVE-2023-0999 | A vulnerability classified as problematic was found in SourceCodester Sales Tracker Management System 1.0. This vulnerability affects unknown code of the file admin/?page=user/list. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221734 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0999 |
CVE-2023-1002 | A vulnerability, which was classified as problematic, has been found in MuYuCMS 2.2. This issue affects some unknown processing of the file index.php. The manipulation of the argument file_path leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221735. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1002 |
CVE-2023-1004 | A vulnerability has been found in MarkText up to 0.17.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1004 |
CVE-2023-1005 | A vulnerability was found in JP1016 Markdown-Electron and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-221738 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1005 |
CVE-2023-1006 | A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been classified as problematic. This affects an unknown part of the component New Record Handler. The manipulation of the argument Firstname/Middlename/Lastname/Suffix/Nationality/Doctor Fullname/Doctor Suffix with the input ">--redacted-- leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221739 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1006 |
CVE-2023-0595 | A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021 (All Versions prior to October 2022), ClearSCADA (All Versions). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0595 |
CVE-2023-1007 | A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects unknown code in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1007 |
CVE-2023-1008 | A vulnerability was found in Twister Antivirus 8.17. It has been rated as problematic. This issue affects some unknown processing in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-221741 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1008 |
CVE-2023-1009 | A vulnerability classified as problematic has been found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi. The manipulation of the argument option with the input /../etc/password leads to path traversal. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1009 |
CVE-2023-1010 | A vulnerability classified as critical was found in vox2png 1.0. Affected by this vulnerability is an unknown functionality of the file vox2png.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221743. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1010 |
CVE-2021-4105 | Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion. This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-4105 |
CVE-2023-25691 | Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25691 |
CVE-2023-25692 | Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25692 |
CVE-2023-25693 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25693 |
CVE-2023-25696 | Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25696 |
CVE-2023-25956 | Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25956 |
CVE-2022-43923 | IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-43923 |
CVE-2022-4203 | A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4203 |
CVE-2023-0585 | The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0585 |
CVE-2023-0586 | The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0586 |
CVE-2021-33224 | File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33224 |
CVE-2021-33387 | Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code via a crafted get request. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33387 |
CVE-2021-35369 | Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed in v.5.4 allows attackers to obtain sensitive information via the filtering_get_contents function. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-35369 |
CVE-2021-35370 | An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-35370 |
CVE-2023-23205 | An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multi_client_server/multi_client_server.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23205 |
CVE-2023-0481 | In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0481 |
CVE-2022-44310 | In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-44310 |
CVE-2023-1029 | The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated attackers to regenerate Sitemaps via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1029 |
CVE-2023-1030 | A vulnerability has been found in SourceCodester Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221755. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1030 |
CVE-2021-34167 | Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-34167 |
CVE-2021-34249 | SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id parameter in application URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-34249 |
CVE-2021-35290 | File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-35290 |
CVE-2023-24189 | An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24189 |
CVE-2022-23535 | LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserialization of Untrusted Data. LiteDB uses a special field in JSON documents to cast different types from `BsonDocument` to POCO classes. When instances of an object are not the same of class, `BsonMapper` use a special field `_type` string info with full class name with assembly to be loaded and fit into your model. If your end-user can send to your app a plain JSON string, deserialization can load an unsafe object to fit into your model. This issue is patched in version 5.0.13 with some basic fixes to avoid this, but is not 100% guaranteed when using `Object` type. The next major version will contain an allow-list to select what kind of Assembly can be loaded. Workarounds are detailed in the vendor advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-23535 |
CVE-2023-25816 | Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3. No workaround is available. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25816 |
CVE-2023-25821 | Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround is available. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25821 |
CVE-2023-26033 | Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects (in user preferences) the "Recently Visited Packages" view for the index page, the value of the `search_history` cookie is used as a base64 encoded comma separated list of atoms. These are strings loaded directly into the SQL query with `atom = '%s'` format string. As a result, any user can modify the browser's cookie value and inject most SQL queries. A proof of concept malformed cookie was generated that wiped the database or changed its content. On the database, only public data is stored, so there are no confidentiality issues to site users. If it is known that the database was modified, a full restoration of data is possible by performing a full database wipe and performing full update of all components. This issue is patched with commit id 5ae9ca83b73. Version 1.0.1 contains the patch. If users are unable to upgrade immediately, the following workarounds may be applied: (1.) Use a proxy to always drop the `search_history` cookie until upgraded. The impact on user experience is low. (2.) Sanitize the value of `search_history` cookie after base64 decoding it. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26033 |
CVE-2023-1033 | Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1033 |
CVE-2023-25825 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This is unescaped when viewing the logs in the web ui. This issue is patched in version 1.36.33. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25825 |
CVE-2023-26032 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious JSON web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could determine the HASH key used by ZoneMinder, they could generate a malicious JWT token and use it to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26032 |
CVE-2023-26034 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the `filter[Query][terms][0][attr]` query string parameter of the `/zm/index.php` endpoint. A user with the View or Edit permissions of Events may execute arbitrary SQL. The resulting impact can include unauthorized data access (and modification), authentication and/or authorization bypass, and remote code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26034 |
CVE-2023-1034 | Path Traversal: '\\..\\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1034 |
CVE-2023-26035 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There is no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in versions 1.36.33 and 1.37.33. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26035 |
CVE-2023-26036 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be executed. This is supposed to be mitigated by calling detaintPath, however detaintPath does not properly sandbox the path. This can be exploited by constructing paths like "..././", which get replaced by "../". This issue is patched in versions 1.36.33 and 1.37.33. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26036 |
CVE-2023-26037 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26037 |
CVE-2023-26038 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrary php file path can be passed in the request and loaded. This issue is patched in versions 1.36.33 and 1.37.33. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26038 |
CVE-2023-26039 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26039 |
CVE-2023-26544 | In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26544 |
CVE-2023-26545 | In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26545 |
CVE-2023-26103 | Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /s*,s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to significantly slow down a web socket server. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26103 |
CVE-2023-26104 | All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26104 |
CVE-2022-2024 | OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2024 |
CVE-2023-26550 | A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26550 |
CVE-2022-48362 | Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48362 |
CVE-2023-26091 | The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allows XSS via saved emails. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26091 |
CVE-2021-3329 | Lack of proper validation in HCI Host stack initialization can cause a crash of the Bluetooth stack. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-3329 |
CVE-2019-25105 | A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. The manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The name of the patch is fa73c3a42bc5c246a1b8f815699ea241aef154bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221763. | – | https://nvd.nist.gov/vuln/detail/CVE-2019-25105 |
CVE-2023-1036 | A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /APR/signup.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221794 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1036 |
CVE-2023-1037 | A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /APR/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221795. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1037 |
CVE-2023-1038 | A vulnerability classified as critical has been found in SourceCodester Online Reviewer Management System 1.0. Affected is an unknown function of the file /reviewer_0/admins/assessments/pretest/questions-view.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221796. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1038 |
CVE-2023-1039 | A vulnerability classified as critical was found in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index3.php of the component POST Parameter Handler. The manipulation of the argument password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221797 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1039 |
CVE-2023-1041 | A vulnerability, which was classified as problematic, was found in SourceCodester Simple Responsive Tourism Website 1.0. This affects an unknown part of the file /tourism/rate_review.php. The manipulation of the argument id with the input 1">--redacted-- leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221799 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1041 |
CVE-2023-1042 | A vulnerability has been found in SourceCodester Online Pet Shop We App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /pet_shop/admin/orders/update_status.php. The manipulation of the argument oid with the input 1">--redacted-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221800 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1042 |
CVE-2023-1043 | A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221802 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1043 |
CVE-2023-1044 | A vulnerability was found in MuYuCMS 2.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /editor/index.php. The manipulation of the argument file_path leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221803. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1044 |
CVE-2023-1045 | A vulnerability was found in MuYuCMS 2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin.php/accessory/filesdel.html. The manipulation of the argument filedelur leads to relative path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221804. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1045 |
CVE-2023-1046 | A vulnerability classified as critical has been found in MuYuCMS 2.2. This affects an unknown part of the file /admin.php/update/getFile.html. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221805 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1046 |
CVE-2023-1047 | A vulnerability classified as critical was found in TechPowerUp RealTemp 3.7.0.0. This vulnerability affects unknown code in the library WinRing0x64.sys. The manipulation leads to improper initialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-221806 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1047 |
CVE-2023-1048 | A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1048 |
CVE-2023-26602 | ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26602 |
CVE-2022-48363 | In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48363 |
CVE-2023-26605 | In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26605 |
CVE-2023-26606 | In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26606 |
CVE-2023-26607 | In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26607 |
CVE-2023-26609 | ABUS TVIP 20000-21150 devices allow remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26609 |
CVE-2023-26257 | An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26257 |
CVE-2022-31405 | MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31405 |
CVE-2023-22636 | An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22636 |
CVE-2023-1053 | A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. This issue affects some unknown processing of the file view_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221819. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1053 |
CVE-2023-1054 | A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221820. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1054 |
CVE-2023-1056 | A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edoc/doctor/patient.php. The manipulation of the argument search12 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221821 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1056 |
CVE-2023-1057 | A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been rated as critical. Affected by this issue is the function edoc of the file login.php. The manipulation of the argument usermail leads to sql injection. VDB-221822 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1057 |
CVE-2023-1058 | A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. This affects an unknown part of the file create-account.php. The manipulation of the argument newemail leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221823. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1058 |
CVE-2023-1059 | A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221824. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1059 |
CVE-2023-1061 | A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument oldmail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221825 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1061 |
CVE-2023-1062 | A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. Affected is an unknown function of the file /admin/add-new.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221826 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1062 |
CVE-2023-1063 | A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/patient.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221827. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1063 |
CVE-2022-34908 | An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34908 |
CVE-2022-34909 | An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34909 |
CVE-2022-34910 | An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34910 |
CVE-2023-24206 | Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24206 |
CVE-2021-32302 | Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows an attacker to obtain sensitive information via the Upload File parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-32302 |
CVE-2023-1067 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1067 |
CVE-2023-1068 | The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the read_more_excerpt_link_menu_options() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1068 |
CVE-2023-23080 | Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS<=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS<=V2209020908. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23080 |
CVE-2023-23108 | In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23108 |
CVE-2023-23109 | In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23109 |
CVE-2022-40237 | IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-40237 |
CVE-2022-45697 | Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45697 |
CVE-2023-22860 | IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22860 |
CVE-2023-26042 | Part-DB is an open source inventory management system for your electronic components. User input was found not being properly escaped, which allowed malicious users to inject arbitrary HTML into the pages. The Content-Security-Policy forbids inline and external scripts so it is not possible to execute JavaScript code, unless in combination with other vulnerabilities. There are no workarounds; please upgrade to Part-DB 1.0.2 or later. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26042 |
CVE-2023-27263 | A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27263 |
CVE-2023-27264 | A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27264 |
CVE-2023-27265 | Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27265 |
CVE-2023-27266 | Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27266 |
CVE-2022-4550 | The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4550 |
CVE-2022-4679 | The Wufoo Shortcode WordPress plugin before 1.52 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4679 |
CVE-2022-4757 | The List Pages Shortcode WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4757 |
CVE-2022-4788 | The Embed PDF WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4788 |
CVE-2022-4795 | The Galleries by Angie Makes WordPress plugin through 1.67 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4795 |
CVE-2022-4829 | The Show-Hide / Collapse-Expand WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4829 |
CVE-2023-0043 | The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0043 |
CVE-2023-0168 | The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0168 |
CVE-2023-0230 | The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0230 |
CVE-2023-0278 | The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0278 |
CVE-2023-0279 | The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0279 |
CVE-2023-0331 | The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0331 |
CVE-2023-0334 | The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0334 |
CVE-2023-0381 | The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0381 |
CVE-2023-0487 | The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0487 |
CVE-2023-0535 | The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0535 |
CVE-2023-0539 | The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0539 |
CVE-2023-0543 | The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0543 |
CVE-2023-0548 | The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0548 |
CVE-2023-0552 | The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and logging out, leading to an Open Redirect vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0552 |
CVE-2023-1070 | External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1070 |
CVE-2023-23155 | Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the username parameter in the Admin Login. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23155 |
CVE-2023-23156 | Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23156 |
CVE-2023-23157 | A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullname parameter on the enquiry page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23157 |
CVE-2023-23158 | A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter on the enquiry page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23158 |
CVE-2023-24251 | WangEditor v5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /dist/index.js. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24251 |
CVE-2023-24364 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter under the Admin Panel. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24364 |
CVE-2023-24651 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24651 |
CVE-2023-24652 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create ticket function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24652 |
CVE-2023-24653 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24653 |
CVE-2023-24654 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Request a Quote function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24654 |
CVE-2023-24656 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24656 |
CVE-2023-25231 | Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25231 |
CVE-2023-25233 | Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25233 |
CVE-2023-25234 | Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25234 |
CVE-2023-25235 | Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function formOneSsidCfgSet via parameter ssid. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25235 |
CVE-2023-26758 | Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerability via the component /ResourceService. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26758 |
CVE-2023-26759 | Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26759 |
CVE-2023-26760 | Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. This vulnerability allows attackers to access cleartext credentials needed to authenticate to the AS400 system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26760 |
CVE-2023-26762 | Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26762 |
CVE-2022-48230 | There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to DoS. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48230 |
CVE-2022-48254 | There is a data processing error vulnerability in Leia-B29 2.0.0.49(M03). Successful exploitation could bypass lock screen authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48254 |
CVE-2022-48255 | There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48255 |
CVE-2022-48259 | There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could allow attackers to gain higher privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48259 |
CVE-2022-48260 | There is a buffer overflow vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to device service exceptions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48260 |
CVE-2022-48261 | There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation of this vulnerability may cause the printer service to be abnormal. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48261 |
CVE-2022-48283 | A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48283 |
CVE-2022-48284 | A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48284 |
CVE-2022-48305 | There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274. Successful exploitation of this vulnerability may cause the access control function of specific applications to fail. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48305 |
CVE-2023-24249 | An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24249 |
CVE-2023-24253 | Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24253 |
CVE-2020-9846 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-9846 |
CVE-2021-46841 | This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46841 |
CVE-2022-22582 | A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22582 |
CVE-2022-22668 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A malicious application may be able to leak sensitive user information. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22668 |
CVE-2022-26760 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A malicious application may be able to elevate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26760 |
CVE-2022-32784 | The issue was addressed with improved UI handling. This issue is fixed in Safari 15.6, iOS 15.6 and iPadOS 15.6. Visiting a maliciously crafted website may leak sensitive data. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32784 |
CVE-2022-32824 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32824 |
CVE-2022-32830 | An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.6, iOS 15.6 and iPadOS 15.6. Processing a maliciously crafted image may lead to disclosure of user information. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32830 |
CVE-2022-32836 | This issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32836 |
CVE-2022-32844 | A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32844 |
CVE-2022-32846 | A logic issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32846 |
CVE-2022-32855 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6. A user may be able to view restricted content from the lock screen. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32855 |
CVE-2022-32891 | The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32891 |
CVE-2022-32896 | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. A user may be able to view sensitive user information. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32896 |
CVE-2022-32900 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to gain elevated privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32900 |
CVE-2022-32902 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32902 |
CVE-2022-32906 | This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32906 |
CVE-2022-32949 | This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32949 |
CVE-2022-42797 | An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-42797 |
CVE-2022-42826 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-42826 |
CVE-2022-42833 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-42833 |
CVE-2022-42838 | An issue with app access to camera data was addressed with improved logic. This issue is fixed in macOS Ventura 13. A camera extension may be able to continue receiving video after the app which activated it was closed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-42838 |
CVE-2022-46704 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to modify protected parts of the file system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46704 |
CVE-2022-46705 | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46705 |
CVE-2022-46712 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13. An app may be able to cause unexpected system termination or potentially execute code with kernel privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46712 |
CVE-2022-46713 | A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46713 |
CVE-2022-46723 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A remote user may be able to write arbitrary files. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46723 |
CVE-2023-23493 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3. An encrypted volume may be unmounted and remounted by a different user without prompting for the password. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23493 |
CVE-2023-23496 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23496 |
CVE-2023-23497 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, macOS Big Sur 11.7.3. An app may be able to gain root privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23497 |
CVE-2023-23498 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3. The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23498 |
CVE-2023-23499 | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3. An app may be able to access user-sensitive data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23499 |
CVE-2023-23500 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to leak sensitive kernel state. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23500 |
CVE-2023-23501 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. An app may be able to disclose kernel memory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23501 |
CVE-2023-23502 | An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to determine kernel memory layout. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23502 |
CVE-2023-23503 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23503 |
CVE-2023-23504 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code with kernel privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23504 |
CVE-2023-23505 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, iOS 15.7.3 and iPadOS 15.7.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3. An app may be able to access information about a user’s contacts. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23505 |
CVE-2023-23506 | A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.2. An app may be able to access user-sensitive data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23506 |
CVE-2023-23507 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to execute arbitrary code with kernel privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23507 |
CVE-2023-23508 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, macOS Big Sur 11.7.3. An app may be able to bypass Privacy preferences. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23508 |
CVE-2023-23510 | A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.2. An app may be able to access a user’s Safari history. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23510 |
CVE-2023-23511 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23511 |
CVE-2023-23512 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Visiting a website may lead to an app denial-of-service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23512 |
CVE-2023-23513 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, macOS Big Sur 11.7.3. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23513 |
CVE-2023-23514 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1. An app may be able to execute arbitrary code with kernel privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23514 |
CVE-2023-23517 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23517 |
CVE-2023-23518 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23518 |
CVE-2023-23519 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Processing an image may lead to a denial-of-service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23519 |
CVE-2023-23520 | A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23520 |
CVE-2023-23522 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23522 |
CVE-2023-23524 | A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, tvOS 16.3.2, watchOS 9.3.1. Processing a maliciously crafted certificate may lead to a denial-of-service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23524 |
CVE-2023-23529 | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23529 |
CVE-2023-23530 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23530 |
CVE-2023-23531 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23531 |
CVE-2023-24258 | SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24258 |
CVE-2023-26041 | Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that Nextcloud Talk is upgraded to 15.0.3. There are no workarounds available. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26041 |
CVE-2023-26043 | GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26043 |
CVE-2023-1055 | A flaw was found in RHDS 11 and RHDS 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1055 |
CVE-2015-10086 | A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is fa0d9bcf81c711a88172ad0d37a842f029ac3782. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221808. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-10086 |
CVE-2023-1081 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1081 |
CVE-2020-36652 | Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36652 |
CVE-2022-3884 | Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3884 |
CVE-2022-4895 | Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4895 |
CVE-2021-22283 | Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation. This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-22283 |
CVE-2023-22995 | In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22995 |
CVE-2023-26105 | All versions of the package utilities are vulnerable to Prototype Pollution via the _mix function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26105 |
CVE-2023-1022 | The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to update google analytics options maintained by the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1022 |
CVE-2023-1023 | The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to change sitemap-related settings of the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1023 |
CVE-2023-1024 | The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to generate sitemaps. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1024 |
CVE-2023-1026 | The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by category as long as those posts are published. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1026 |
CVE-2023-1027 | The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post categories. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1027 |
CVE-2023-1028 | The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1028 |
CVE-2023-1080 | The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1080 |
CVE-2022-43459 | Cross-Site Request Forgery (CSRF) vulnerability in Forms by CaptainForm – Form Builder for WordPress plugin <= 2.5.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-43459 |
CVE-2023-23992 | Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin <= 2.5.0 leads to object delete. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23992 |
CVE-2023-24419 | Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24419 |
CVE-2022-47179 | Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a draft. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47179 |
CVE-2022-47612 | Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47612 |
CVE-2023-0461 | There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0461 |
CVE-2023-23865 | Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin <= 1.4.10 leads to settings change. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23865 |
CVE-2023-23983 | Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23983 |
CVE-2023-25264 | An issue was discovered in Docmosis Tornado prior to version 2.9.5. An unauthenticated attacker can bypass the authentication check filter completely by introducing a specially crafted request with relative path segments. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25264 |
CVE-2023-25265 | Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrary content on the file system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25265 |
CVE-2023-25266 | An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting pointing to an arbitrary remote network path. This triggers the execution of the soffice binary under the attacker's control leading to arbitrary remote code execution (RCE). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25266 |
CVE-2023-25807 | DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform, the saved data can be modified to store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25807 |
CVE-2023-26255 | An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26255 |
CVE-2023-26256 | An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26256 |
CVE-2022-20455 | In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242537431. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20455 |
CVE-2022-20481 | In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-241927115. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20481 |
CVE-2022-20551 | In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-243376549. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20551 |
CVE-2023-0339 | Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0339 |
CVE-2023-0511 | Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0511 |
CVE-2023-20857 | VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a user's rooted device, may be able to bypass the VMware Workspace ONE Content passcode. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20857 |
CVE-2023-20932 | In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-248251018 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20932 |
CVE-2023-20933 | In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-245860753 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20933 |
CVE-2023-20934 | In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-258672042 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20934 |
CVE-2023-20937 | In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-257443051. References: Upstream kernel | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20937 |
CVE-2023-20938 | In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-257685302. References: Upstream kernel | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20938 |
CVE-2023-20939 | In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-243362981 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20939 |
CVE-2023-20940 | In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-256237041 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20940 |
CVE-2023-20943 | In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-240267890 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20943 |
CVE-2023-20944 | In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-244154558 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20944 |
CVE-2023-20945 | In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-246932269 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20945 |
CVE-2023-20946 | In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-244423101 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20946 |
CVE-2023-20948 | In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-230630526 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20948 |
CVE-2023-23689 | Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. This may allow an unauthenticated network host to impair built-in hardware management functionality and trigger OneFS data protection mechanism causing a denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23689 |
CVE-2023-25540 | Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25540 |
CVE-2023-27292 | An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27292 |
CVE-2023-27293 | Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious JavaScript as the answer to a questionnaire, which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cookies and force users to perform actions without their knowledge. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27293 |
CVE-2023-27294 | Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious JavaScript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could result in stealing session tokens from users with higher permission levels or forcing users to perform actions without their knowledge. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27294 |
CVE-2023-27295 | Cross-site request forgery is facilitated by OpenCATS' failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes JavaScript in an authenticated user's session when visited. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27295 |
CVE-2022-41722 | A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b". | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41722 |
CVE-2022-41723 | A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41723 |
CVE-2022-41724 | Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41724 |
CVE-2022-41725 | A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41725 |
CVE-2022-41727 | An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41727 |
CVE-2023-1018 | An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1018 |
CVE-2023-25431 | An issue was discovered in Online Reviewer Management System v1.0. There is a XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25431 |
CVE-2023-25432 | An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer_0/admins/assessments/course/course-update.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25432 |
CVE-2023-27320 | Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27320 |
CVE-2023-1017 | An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing a 2-byte write past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who successfully exploits this vulnerability can cause denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1017 |
CVE-2023-1065 | This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. It does not expose the user of the integration to any direct security risk and no user data can be leaked. To exploit the vulnerability the attacker does not need to be authenticated to Snyk but does need to know the target's Integration ID (which may or may not be the same as the Organization ID, although this is an unpredictable UUID in either case). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1065 |
CVE-2023-27371 | GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27371 |
CVE-2023-27372 | SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27372 |
CVE-2023-1099 | A vulnerability was found in SourceCodester Online Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file eduauth/edit-class-detail.php?editid=1. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. VDB-222002 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1099 |
CVE-2023-1100 | A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0. This affects an unknown part of the file /reservation/add_message.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222003. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1100 |
CVE-2023-22996 | In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22996 |
CVE-2023-22997 | In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22997 |
CVE-2023-22998 | In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22998 |
CVE-2023-22999 | In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22999 |