Published on 08 Mar 2023
SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.
The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:
Critical | vulnerabilities with a base score of 9.0 to 10.0 |
High | vulnerabilities with a base score of 7.0 to 8.9 |
Medium | vulnerabilities with a base score of 4.0 to 6.9 |
Low | vulnerabilities with a base score of 0.1 to 3.9 |
None | vulnerabilities with a base score of 0.0 |
For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2019-7256 | Linear eMerge E3-Series devices allow Command Injections. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2019-7256 |
CVE-2021-26334 | The AMDPowerProfiler.sys driver of AMD ?Prof tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-26334 |
CVE-2022-43403 | A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-43403 |
CVE-2018-14599 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-14599 |
CVE-2018-7364 | All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-7364 |
CVE-2017-1002157 | modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-1002157 |
CVE-2019-8996 | In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-8996 |
CVE-2018-20177 | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-20177 |
CVE-2018-19276 | OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-19276 |
CVE-2019-10661 | On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10661 |
CVE-2019-11119 | Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11119 |
CVE-2019-10989 | In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10989 |
CVE-2019-10991 | In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10991 |
CVE-2019-11062 | The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11062 |
CVE-2019-13573 | A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13573 |
CVE-2019-13585 | The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13585 |
CVE-2019-12815 | An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12815 |
CVE-2019-1010174 | CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1010174 |
CVE-2019-13990 | initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13990 |
CVE-2019-14431 | In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14431 |
CVE-2019-14313 | A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14313 |
CVE-2019-12797 | A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12797 |
CVE-2019-14495 | webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14495 |
CVE-2019-14529 | OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14529 |
CVE-2019-14697 | musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14697 |
CVE-2019-5476 | An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5476 |
CVE-2019-1895 | A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The vulnerability is due to an insufficient authentication mechanism used to establish a VNC session. An attacker could exploit this vulnerability by intercepting an administrator VNC session request prior to login. A successful exploit could allow the attacker to watch the administrator console session or interact with it, allowing admin access to the affected device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1895 |
CVE-2015-9298 | The events-manager plugin before 5.6 for WordPress has code injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-9298 |
CVE-2019-15052 | The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-15052 |
CVE-2019-6695 | Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-6695 |
CVE-2018-7820 | A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-7820 |
CVE-2019-19907 | HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-19907 |
CVE-2014-0048 | An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2014-0048 |
CVE-2020-10567 | An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.) | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-10567 |
CVE-2020-11716 | Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at "End-of-software-support." | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-11716 |
CVE-2020-13388 | An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13388 |
CVE-2020-35476 | A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.) | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-35476 |
CVE-2021-39658 | ismsEx service is a vendor service in unisoc equipment?ismsEx service is an extension of sms system service?but it does not check the permissions of the caller?resulting in permission leaks?Third-party apps can use this service to arbitrarily modify and set system properties?Product: AndroidVersions: Android SoCAndroid ID: A-207479207 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39658 |
CVE-2022-26562 | An issue in provider/libserver/ECKrbAuth.cpp of Kopano-Core v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26562 |
CVE-2022-1531 | SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . This vulnerability is critical as it can lead to remote code execution and thus complete server takeover. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1531 |
CVE-2022-2068 | In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2068 |
CVE-2022-22897 | A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22897 |
CVE-2022-37130 | In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37130 |
CVE-2016-2338 | An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-2338 |
CVE-2022-24697 | Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24697 |
CVE-2022-42889 | Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42889 |
CVE-2022-21587 | Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21587 |
CVE-2022-37454 | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37454 |
CVE-2021-42553 | A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42553 |
CVE-2022-43400 | A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43400 |
CVE-2022-42915 | curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42915 |
CVE-2021-40241 | xfig 3.2.7 is vulnerable to Buffer Overflow. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40241 |
CVE-2022-31692 | Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true) | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31692 |
CVE-2022-41552 | Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41552 |
CVE-2022-39379 | Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable `FLUENT_OJ_OPTION_MODE` is explicitly set to `object`. Please note: The option FLUENT_OJ_OPTION_MODE was introduced in Fluentd version 1.13.2. Earlier versions of Fluentd are not affected by this vulnerability. This issue was patched in version 1.15.3. As a workaround do not use `FLUENT_OJ_OPTION_MODE=object`. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39379 |
CVE-2022-39353 | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next). As a workaround, please one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`or reject a document with a document that has more then 1 `childNode`. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39353 |
CVE-2022-41945 | super-xray is a vulnerability scanner (xray) GUI launcher. In version 0.1-beta, the URL is not filtered and directly spliced ??into the command, resulting in a possible RCE vulnerability. Users should upgrade to super-xray 0.2-beta. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41945 |
CVE-2022-45462 | Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45462 |
CVE-2022-32221 | When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32221 |
CVE-2022-3485 | In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3485 |
CVE-2022-46393 | An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46393 |
CVE-2022-4566 | A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to sql injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215975. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4566 |
CVE-2022-47002 | A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47002 |
CVE-2022-47003 | A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47003 |
CVE-2023-25139 | sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25139 |
CVE-2023-25718 | In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It is plausible that the end user may allow the download and execution of this file to proceed. There are ConnectWise Control configuration options that add mitigations. NOTE: this may overlap CVE-2023-25719. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25718 |
CVE-2023-22578 | Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22578 |
CVE-2022-26843 | Insufficient visual distinction of homoglyphs presented to user in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.1 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26843 |
CVE-2021-34182 | An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-34182 |
CVE-2022-40021 | QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) was discovered to contain a command injection vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40021 |
CVE-2023-0906 | A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. Affected by this vulnerability is the function delete_category of the file ajax.php of the component POST Parameter Handler. The manipulation leads to missing authentication. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-221455. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0906 |
CVE-2023-0910 | A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_prod.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-221476. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0910 |
CVE-2023-25613 | An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25613 |
CVE-2023-25805 | versionn, software for changing version information across multiple files, has a command injection vulnerability in all versions prior to version 1.1.0. This issue is patched in version 1.1.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25805 |
CVE-2022-48317 | Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48317 |
CVE-2022-48337 | GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48337 |
CVE-2023-23452 | Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23452 |
CVE-2023-23453 | Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23453 |
CVE-2023-26234 | JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26234 |
CVE-2023-26266 | In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26266 |
CVE-2015-10082 | A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-10082 |
CVE-2023-0935 | A vulnerability was found in DolphinPHP up to 1.5.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file common.php of the component Incomplete Fix CVE-2021-46097. The manipulation of the argument id leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221551. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0935 |
CVE-2022-45564 | SQL Injection vulnerability in znfit Home improvement ERP management system V50_20220207,v42 allows attackers to execute arbitrary sql commands via the userCode parameter to the wechat applet. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45564 |
CVE-2022-45677 | SQL Injection Vulnerability in tanujpatra228 Tution Management System (TMS) via the email parameter to processes/student_login.process.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45677 |
CVE-2015-10083 | A vulnerability has been found in harrystech Dynosaur-Rails and classified as critical. Affected by this vulnerability is the function basic_auth of the file app/controllers/application_controller.rb. The manipulation leads to improper authentication. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is 04b223813f0e336aab50bff140d0f5889c31dbec. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221503. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-10083 |
CVE-2015-10084 | A vulnerability was found in irontec klear-library chloe and classified as critical. Affected by this issue is the function _prepareWhere of the file Controller/Rest/BaseController.php. The manipulation leads to sql injection. Upgrading to version marla is able to address this issue. The name of the patch is b25262de52fdaffde2a4434fc2a84408b304fbc5. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221504. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-10084 |
CVE-2023-24184 | TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24184 |
CVE-2023-22920 | A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22920 |
CVE-2017-20179 | A vulnerability was found in InSTEDD Pollit 2.3.1. It has been rated as critical. This issue affects the function TourController of the file app/controllers/tour_controller.rb. The manipulation leads to an unknown weakness. The attack may be initiated remotely. Upgrading to version 2.3.2 is able to address this issue. The name of the patch is 6ef04f8b5972d5f16f8b86f8b53f62fac68d5498. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221507. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20179 |
CVE-2022-46637 | Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46637 |
CVE-2023-25158 | GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25158 |
CVE-2023-24320 | An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24320 |
CVE-2023-25157 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25157 |
CVE-2023-24080 | A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24080 |
CVE-2023-0947 | Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0947 |
CVE-2023-24107 | hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24107 |
CVE-2023-24108 | MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24108 |
CVE-2022-41217 | Cloudflow contains a unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41217 |
CVE-2023-0960 | A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/config.ftp.php of the component Picture Management. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-221630 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0960 |
CVE-2023-0961 | A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. This affects an unknown part of the file view_music_details.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221631. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0961 |
CVE-2023-0963 | A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221633 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0963 |
CVE-2023-0964 | A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-221634 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0964 |
CVE-2023-25813 | Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the `replacements` and the `where` option in the same query. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25813 |
CVE-2023-24093 | An access control issue in H3C A210-G A210-GV100R005 allows attackers to authenticate without a password. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24093 |
CVE-2023-24812 | Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag (notes/search-by-tag). This has been fixed in version 13.3.3. Users are advised to upgrade. Users unable to upgrade should block access to the `api/notes/search-by-tag` endpoint. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24812 |
CVE-2023-24114 | typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24114 |
CVE-2022-39983 | File upload vulnerability in Instantdeveloper RD3 22.0.8500, allows attackers to execute arbitrary code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39983 |
CVE-2022-45599 | Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /var/www/login.php, allows attackers to gain escalated privileges only when specific conditions regarding a given accounts hashed password. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45599 |
CVE-2022-48149 | Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48149 |
CVE-2023-26462 | ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.) | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26462 |
CVE-2023-0939 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NTN Information Technologies Online Services Software allows SQL Injection.This issue affects Online Services Software: before 1.17. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0939 |
CVE-2022-2504 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SDD Computer Software SDD-Baro allows SQL Injection.This issue affects SDD-Baro: before 2.8.432. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2504 |
CVE-2023-0980 | A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/registrations/update_status.php of the component Status Update Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221675. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0980 |
CVE-2023-0981 | A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been classified as critical. Affected is an unknown function of the component Delete User. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221676. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0981 |
CVE-2023-0982 | A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Add Class Entry. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-221677 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0982 |
CVE-2022-48342 | In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48342 |
CVE-2023-0986 | A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/?page=user/manage_user of the component Edit User. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221679. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0986 |
CVE-2023-24104 | Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24104 |
CVE-2023-26326 | The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26326 |
CVE-2022-36231 | pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36231 |
CVE-2023-0754 | The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0754 |
CVE-2023-0755 | The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0755 |
CVE-2023-24205 | Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24205 |
CVE-2023-25823 | Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links (i.e. creating a Gradio app and then setting `share=True`), a private SSH key is sent to any user that connects to the Gradio machine, which means that a user could access other users' shared Gradio demos. From there, other exploits are possible depending on the level of access/exposure the Gradio app provides. This issue is patched in version 3.13.1, however, users are recommended to update to 3.19.1 or later where the FRP solution has been properly tested. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25823 |
CVE-2023-24212 | Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24212 |
CVE-2021-4105 | Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4105 |
CVE-2023-25691 | Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25691 |
CVE-2023-25693 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25693 |
CVE-2023-25696 | Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25696 |
CVE-2021-33224 | File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33224 |
CVE-2021-35370 | An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35370 |
CVE-2023-24189 | An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24189 |
CVE-2022-23535 | LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserialization of Untrusted Data. LiteDB uses a special field in JSON documents to cast different types from `BsonDocument` to POCO classes. When instances of an object are not the same of class, `BsonMapper` use a special field `_type` string info with full class name with assembly to be loaded and fit into your model. If your end-user can send to your app a plain JSON string, deserialization can load an unsafe object to fit into your model. This issue is patched in version 5.0.13 with some basic fixes to avoid this, but is not 100% guaranteed when using `Object` type. The next major version will contain an allow-list to select what kind of Assembly can be loaded. Workarounds are detailed in the vendor advisory. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23535 |
CVE-2023-26035 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26035 |
CVE-2023-26036 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be executed. This is supposed to be mitigated by calling detaintPath, however dentaintPath does not properly sandbox the path. This can be exploited by constructing paths like "..././", which get replaced by "../". This issue is patched in versions 1.36.33 and 1.37.33. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26036 |
CVE-2023-26037 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26037 |
CVE-2023-26550 | A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26550 |
CVE-2023-1037 | A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /APR/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221795. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1037 |
CVE-2023-1038 | A vulnerability classified as critical has been found in SourceCodester Online Reviewer Management System 1.0. Affected is an unknown function of the file /reviewer_0/admins/assessments/pretest/questions-view.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221796. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1038 |
CVE-2023-26602 | ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26602 |
CVE-2023-1053 | A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. This issue affects some unknown processing of the file view_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221819. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1053 |
CVE-2023-1054 | A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221820. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1054 |
CVE-2023-24206 | Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24206 |
CVE-2023-23080 | Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS<=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS<=V2209020908. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23080 |
CVE-2022-45138 | The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45138 |
CVE-2022-45140 | The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45140 |
CVE-2023-23156 | Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23156 |
CVE-2023-25231 | Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25231 |
CVE-2023-25233 | Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25233 |
CVE-2023-25234 | Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25234 |
CVE-2022-48255 | There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48255 |
CVE-2022-48259 | There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could allow attackers to gain higher privileges. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48259 |
CVE-2022-48283 | A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48283 |
CVE-2022-48284 | A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48284 |
CVE-2023-24253 | Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24253 |
CVE-2022-26760 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A malicious application may be able to elevate privileges. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26760 |
CVE-2023-20946 | In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-244423101 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20946 |
CVE-2023-27372 | SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27372 |
CVE-2023-1099 | A vulnerability was found in SourceCodester Online Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file eduauth/edit-class-detail.php?editid=1. The manipulation of the argument editideditid leads to sql injection. The attack may be launched remotely. VDB-222002 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1099 |
CVE-2023-1100 | A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0. This affects an unknown part of the file /reservation/add_message.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222003. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1100 |
CVE-2019-5604 | In FreeBSD 12.0-STABLE before r350246, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350247, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, the emulated XHCI device included with the bhyve hypervisor did not properly validate data provided by the guest, allowing an out-of-bounds read. This provides a malicious guest the possibility to crash the system or access system memory. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-5604 |
CVE-2021-32853 | Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-32853 |
CVE-2021-33387 | Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code via a crafted get request. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-33387 |
CVE-2018-6678 | Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-6678 |
CVE-2019-10985 | In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10985 |
CVE-2020-3187 | A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences. An exploit could allow the attacker to view or delete arbitrary files on the targeted system. When the device is reloaded after exploitation of this vulnerability, any files that were deleted are restored. The attacker can only view and delete files within the web services file system. This file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability can not be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. Reloading the affected device will restore all files within the web services file system. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-3187 |
CVE-2020-15175 | In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue is patched in version 9.5.2. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-15175 |
CVE-2021-39635 | ims_ex is a vendor system service used to manage VoLTE in unisoc devices?But it does not verify the caller's permissions?so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls.Product: AndroidVersions: Android SoCAndroid ID: A-206492634 | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-39635 |
CVE-2022-35409 | An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-35409 |
CVE-2022-39227 | python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's identities, hijack their sessions, or bypass authentication. Users should upgrade to version 3.3.4. There are no known workarounds. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-39227 |
CVE-2022-35255 | A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-35255 |
CVE-2023-23914 | A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-23914 |
CVE-2023-26468 | Cerebrate 1.12 does not properly consider organisation_id during creation of API keys. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26468 |
CVE-2022-4203 | A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4203 |
CVE-2023-26033 | Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects (in user preferences) the "Recently Visited Packages" view for the index page, the value of the `search_history` cookie is used as a base64 encoded comma separated list of atoms. These are string loaded directly into the SQL query with `atom = '%s'` format string. As a result, any user can modify the browser's cookie value and inject most SQL queries. A proof of concept malformed cookie was generated that wiped the database or changed it's content. On the database, only public data is stored, so there is no confidentiality issues to site users. If it is known that the database was modified, a full restoration of data is possible by performing a full database wipe and performing full update of all components. This issue is patched with commit id 5ae9ca83b73. Version 1.0.1 contains the patch. If users are unable to upgrade immediately, the following workarounds may be applied: (1.) Use a proxy to always drop the `search_history` cookie until upgraded. The impact on user experience is low. (2.) Sanitize to the value of `search_history` cookie after base64 decoding it. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26033 |
CVE-2022-34909 | An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34909 |
CVE-2021-32852 | Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from malicious web site. The attacker must have an account or be able to create one. This issue is patched in version 21.11. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2021-32852 |
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2018-8905 | In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-8905 |
CVE-2018-6493 | SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-6493 |
CVE-2018-11516 | The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-11516 |
CVE-2018-6496 | Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-6496 |
CVE-2018-6497 | Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-6497 |
CVE-2019-6128 | The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-6128 |
CVE-2019-10656 | Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10656 |
CVE-2019-10658 | Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10658 |
CVE-2019-10659 | Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10659 |
CVE-2019-10660 | Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10660 |
CVE-2019-10662 | Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10662 |
CVE-2019-11008 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11008 |
CVE-2019-11505 | In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11505 |
CVE-2019-11506 | In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11506 |
CVE-2019-3628 | Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-3628 |
CVE-2019-10987 | In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10987 |
CVE-2019-13298 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13298 |
CVE-2019-13299 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13299 |
CVE-2019-13302 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13302 |
CVE-2019-13303 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13303 |
CVE-2019-13308 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13308 |
CVE-2019-12747 | TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12747 |
CVE-2018-14550 | An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-14550 |
CVE-2019-11711 | When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11711 |
CVE-2019-14418 | An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existing files to take control of the VRP virtual machine. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14418 |
CVE-2019-1901 | A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to the targeted device. A successful exploit may lead to a buffer overflow condition that could either cause a DoS condition or allow the attacker to execute arbitrary code with root privileges. Note: This vulnerability cannot be exploited by transit traffic through the device; the crafted packet must be targeted to a directly connected interface. This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI mode if they are running a Cisco Nexus 9000 Series ACI Mode Switch Software release prior to 13.2(7f) or any 14.x release. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1901 |
CVE-2019-10961 | In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10961 |
CVE-2019-14347 | Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14347 |
CVE-2015-9307 | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-9307 |
CVE-2015-9308 | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-9308 |
CVE-2015-9309 | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-9309 |
CVE-2016-10884 | The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-10884 |
CVE-2019-1170 | An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape, aka 'Windows NTFS Elevation of Privilege Vulnerability'. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1170 |
CVE-2019-3417 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-3417 |
CVE-2019-11932 | A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11932 |
CVE-2020-5511 | PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-5511 |
CVE-2020-12689 | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-12689 |
CVE-2020-15565 | An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-15565 |
CVE-2021-25296 | Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-25296 |
CVE-2021-25297 | Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-25297 |
CVE-2021-25298 | Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-25298 |
CVE-2021-32629 | Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a Wasm program. This bug was introduced in the new backend on 2020-09-08 and first included in a release on 2020-09-30, but the new backend was not the default prior to 0.73. The recently-released version 0.73 with default settings, and prior versions with an explicit build flag to select the new backend, are vulnerable. The bug in question performs a sign-extend instead of a zero-extend on a value loaded from the stack, under a specific set of circumstances. If those circumstances occur, the bug could allow access to memory addresses upto 2GiB before the start of the Wasm program heap. If the heap bound is larger than 2GiB, then it would be possible to read memory from a computable range dependent on the size of the heaps bound. The impact of this bug is highly dependent on heap implementation, specifically: * if the heap has bounds checks, and * does not rely exclusively on guard pages, and * the heap bound is 2GiB or smaller * then this bug cannot be used to reach memory from another Wasm program heap. The impact of the vulnerability is mitigated if there is no memory mapped in the range accessible using this bug, for example, if there is a 2 GiB guard region before the Wasm program heap. The bug in question performs a sign-extend instead of a zero-extend on a value loaded from the stack, when the register allocator reloads a spilled integer value narrower than 64 bits. This interacts poorly with another optimization: the instruction selector elides a 32-to-64-bit zero-extend operator when we know that an instruction producing a 32-bit value actually zeros the upper 32 bits of its destination register. Hence, we rely on these zeroed bits, but the type of the value is still i32, and the spill/reload reconstitutes those bits as the sign extension of the i32’s MSB. The issue would thus occur when: * An i32 value in a Wasm program is greater than or equal to 0x8000_0000; * The value is spilled and reloaded by the register allocator due to high register pressure in the program between the value’s definition and its use; * The value is produced by an instruction that we know to be “special� in that it zeroes the upper 32 bits of its destination: add, sub, mul, and, or; * The value is then zero-extended to 64 bits in the Wasm program; * The resulting 64-bit value is used. Under these circumstances there is a potential sandbox escape when the i32 value is a pointer. The usual code emitted for heap accesses zero-extends the Wasm heap address, adds it to a 64-bit heap base, and accesses the resulting address. If the zero-extend becomes a sign-extend, the program could reach backward and access memory up to 2GiB before the start of its heap. In addition to assessing the nature of the code generation bug in Cranelift, we have also determined that under specific circumstances, both Lucet and Wasmtime using this version of Cranelift may be exploitable. See referenced GitHub Advisory for more details. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32629 |
CVE-2021-36741 | An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-36741 |
CVE-2021-41275 | spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spree_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spree_auth_devise are affected if protect_from_forgery method is both: Executed whether as: A before_action callback (the default). A prepend_before_action (option prepend: true given) before the :load_object hook in Spree::UserController (most likely order to find). Configured to use :null_session or :reset_session strategies (:null_session is the default in case the no strategy is given, but rails --new generated skeleton use :exception). Users are advised to update their spree_auth_devise gem. For users unable to update it may be possible to change your strategy to :exception. Please see the linked GHSA for more workaround details. ### Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of `spree_auth_devise` are affected if `protect_from_forgery` method is both: * Executed whether as: * A before_action callback (the default) * A prepend_before_action (option prepend: true given) before the :load_object hook in Spree::UserController (most likely order to find). * Configured to use :null_session or :reset_session strategies (:null_session is the default in case the no strategy is given, but rails --new generated skeleton use :exception). That means that applications that haven't been configured differently from what it's generated with Rails aren't affected. Thanks @waiting-for-dev for reporting and providing a patch ? ### Patches Spree 4.3 users should update to spree_auth_devise 4.4.1 Spree 4.2 users should update to spree_auth_devise 4.2.1 ### Workarounds If possible, change your strategy to :exception: ```ruby class ApplicationController < ActionController::Base protect_from_forgery with: :exception end ``` Add the following to`config/application.rb `to at least run the `:exception` strategy on the affected controller: ```ruby config.after_initialize do Spree::UsersController.protect_from_forgery with: :exception end ``` ### References https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2 | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41275 |
CVE-2022-24844 | Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occur. Users must: Require JWT login? and be using PostgreSQL to be affected. This issue has been resolved in version 2.5.1. There are no known workarounds. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24844 |
CVE-2022-41040 | Microsoft Exchange Server Elevation of Privilege Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41040 |
CVE-2022-41082 | Microsoft Exchange Server Remote Code Execution Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41082 |
CVE-2022-2637 | Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2637 |
CVE-2022-38181 | The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38181 |
CVE-2022-28169 | Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28169 |
CVE-2022-33179 | A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33179 |
CVE-2022-41128 | Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41128 |
CVE-2022-3970 | A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3970 |
CVE-2022-42896 | There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42896 |
CVE-2022-42716 | An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42716 |
CVE-2022-46340 | A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46340 |
CVE-2022-46341 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46341 |
CVE-2022-4564 | A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.1-alpha1 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4564 |
CVE-2022-4584 | A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216170 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4584 |
CVE-2022-4803 | Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4803 |
CVE-2022-4883 | A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4883 |
CVE-2023-22953 | In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22953 |
CVE-2023-25719 | ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector. NOTE: this CVE Record is only about the parameters, such as the h parameter (this CVE Record is not about the separate issue of signed executable files that are supposed to have unique configurations across customers' installations). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25719 |
CVE-2021-33926 | An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33926 |
CVE-2021-34164 | Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-34164 |
CVE-2022-40232 | IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40232 |
CVE-2022-40231 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 235533. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40231 |
CVE-2023-0903 | A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0903 |
CVE-2015-10081 | A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and classified as problematic. This issue affects some unknown processing of the file edit_list.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.0b2.9a is able to address this issue. The name of the patch is a739f680a1623d22f52ff1371e86ca472e63756f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221495. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-10081 |
CVE-2022-46836 | PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46836 |
CVE-2023-25812 | Minio is a Multi-Cloud Object Storage framework. Affected versions do not correctly honor a `Deny` policy on ByPassGoverance. Ideally, minio should return "Access Denied" to all users attempting to DELETE a versionId with the special header `X-Amz-Bypass-Governance-Retention: true`. However, this was not honored instead the request will be honored and an object under governance would be incorrectly deleted. All users are advised to upgrade. There are no known workarounds for this issue. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25812 |
CVE-2023-20855 | VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20855 |
CVE-2023-26314 | The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26314 |
CVE-2022-41216 | Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential information from the system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41216 |
CVE-2022-43873 | An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43873 |
CVE-2023-0962 | A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file Master.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221632. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0962 |
CVE-2023-0927 | Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0927 |
CVE-2023-22973 | A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22973 |
CVE-2022-45600 | Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45600 |
CVE-2022-48341 | ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48341 |
CVE-2023-23659 | Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Extension <= 4.0.4 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23659 |
CVE-2023-24384 | Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24384 |
CVE-2023-0988 | A vulnerability, which was classified as problematic, has been found in SourceCodester Online Pizza Ordering System 1.0. This issue affects some unknown processing of the file admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221681 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0988 |
CVE-2023-24415 | Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud ChatBot ? plugin <= 4.2.8 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24415 |
CVE-2023-20011 | A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20011 |
CVE-2023-23917 | A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may increase the impact of XSS to RCE which is dangerous for self-hosted users as well. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23917 |
CVE-2023-26325 | The 'rx_export_review' action in the ReviewX WordPress Plugin version < 1.6.4, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26325 |
CVE-2023-23294 | Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23294 |
CVE-2023-23295 | Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23295 |
CVE-2022-1607 | Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1607 |
CVE-2023-0997 | A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Moosikay/order.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221732. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0997 |
CVE-2023-0999 | A vulnerability classified as problematic was found in SourceCodester Sales Tracker Management System 1.0. This vulnerability affects unknown code of the file admin/?page=user/list. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221734 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0999 |
CVE-2021-34167 | Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-34167 |
CVE-2023-1033 | Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1033 |
CVE-2023-26034 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the `filter[Query][terms][0][attr]` query string parameter of the `/zm/index.php` endpoint. A user with the View or Edit permissions of Events may execute arbitrary SQL. The resulting impact can include unauthorized data access (and modification), authentication and/or authorization bypass, and remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26034 |
CVE-2023-1034 | Path Traversal: '\\..\\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1034 |
CVE-2023-26039 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26039 |
CVE-2022-48362 | Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48362 |
CVE-2023-1039 | A vulnerability classified as critical was found in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index3.php of the component POST Parameter Handler. The manipulation of the argument password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221797 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1039 |
CVE-2023-1044 | A vulnerability was found in MuYuCMS 2.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /editor/index.php. The manipulation of the argument file_path leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221803. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1044 |
CVE-2023-1046 | A vulnerability classified as critical has been found in MuYuCMS 2.2. This affects an unknown part of the file /admin.php/update/getFile.html. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221805 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1046 |
CVE-2023-1056 | A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edoc/doctor/patient.php. The manipulation of the argument search12 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221821 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1056 |
CVE-2023-1057 | A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been rated as critical. Affected by this issue is the function edoc of the file login.php. The manipulation of the argument usermail leads to sql injection. VDB-221822 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1057 |
CVE-2023-1058 | A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. This affects an unknown part of the file create-account.php. The manipulation of the argument newemail leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221823. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1058 |
CVE-2023-1059 | A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221824. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1059 |
CVE-2023-1061 | A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument oldmail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221825 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1061 |
CVE-2023-1062 | A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. Affected is an unknown function of the file /admin/add-new.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221826 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1062 |
CVE-2023-1063 | A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/patient.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221827. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1063 |
CVE-2023-0381 | The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0381 |
CVE-2023-24364 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter under the Admin Panel. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24364 |
CVE-2023-24652 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create ticket function. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24652 |
CVE-2023-24653 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24653 |
CVE-2023-24654 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Request a Quote function. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24654 |
CVE-2023-24656 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24656 |
CVE-2023-26759 | Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26759 |
CVE-2023-26762 | Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26762 |
CVE-2022-42826 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42826 |
CVE-2023-25266 | An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting pointing to an arbitrary remote network path. This triggers the execution of the soffice binary under the attackers control leading to arbitrary remote code execution (RCE). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25266 |
CVE-2019-10906 | In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-10906 |
CVE-2023-26102 | All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-26102 |
CVE-2018-5198 | In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allow remote attacker to cause arbitrary file download and execution. This results in remote code execution. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-5198 |
CVE-2019-11007 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-11007 |
CVE-2019-12083 | The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-12083 |
CVE-2019-13616 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-13616 |
CVE-2018-2024 | IBM QRadar SIEM 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 155350. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-2024 |
CVE-2019-16255 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-16255 |
CVE-2020-11027 | In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-11027 |
CVE-2022-39263 | `@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use `next-auth` Email Provider and `@next-auth/upstash-redis-adapter` before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation did not check for both the identifier (email) and the token, but only checking for the identifier when verifying the token in the email callback flow. An attacker who knows about the victim's email could easily sign in as the victim, given the attacker also knows about the verification token's expired duration. The vulnerability is patched in v3.0.2. A workaround is available. Using Advanced Initialization, developers can check the requests and compare the query's token and identifier before proceeding. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-39263 |
CVE-2022-41674 | An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-41674 |
CVE-2022-31690 | Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-31690 |
CVE-2022-43548 | A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-43548 |
CVE-2023-0568 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0568 |
CVE-2021-3172 | An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-3172 |
CVE-2023-24317 | Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-24317 |
CVE-2023-26032 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could determine the HASH key used by ZoneMinder, they could generate a malicious JWT token and use it to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26032 |
CVE-2023-1045 | A vulnerability was found in MuYuCMS 2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin.php/accessory/filesdel.html. The manipulation of the argument filedelur leads to relative path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221804. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1045 |
CVE-2019-0887 | A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2019-0887 |
CVE-2020-6007 | Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution. | 7.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-6007 |
CVE-2018-8822 | Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-8822 |
CVE-2018-6661 | DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-6661 |
CVE-2018-8781 | The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-8781 |
CVE-2018-6662 | Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-6662 |
CVE-2018-3931 | In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `putShapeProperty` method. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3931 |
CVE-2018-3922 | A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this vulnerability and gain code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3922 |
CVE-2018-19931 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-19931 |
CVE-2018-5200 | KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-5200 |
CVE-2018-11790 | When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-11790 |
CVE-2019-0135 | Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-0135 |
CVE-2019-6116 | In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-6116 |
CVE-2019-1785 | A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1785 |
CVE-2019-1773 | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1773 |
CVE-2018-3702 | Improper permissions in the installer for the ITE Tech* Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3702 |
CVE-2019-0128 | Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-0128 |
CVE-2019-11117 | Improper permissions in the installer for Intel(R) Omni-Path Fabric Manager GUI before version 10.9.2.1.1 may allow an authenticated user to potentially enable escalation of privilege via local attack. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11117 |
CVE-2019-3735 | Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-3735 |
CVE-2019-4154 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-4154 |
CVE-2019-4322 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-4322 |
CVE-2019-13281 | In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13281 |
CVE-2019-13282 | In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13282 |
CVE-2019-13283 | In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13283 |
CVE-2019-5603 | In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5603 |
CVE-2019-14523 | An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14523 |
CVE-2019-14524 | An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14524 |
CVE-2014-8184 | A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2014-8184 |
CVE-2019-13106 | Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13106 |
CVE-2019-14745 | In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14745 |
CVE-2019-1925 | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1925 |
CVE-2019-1924 | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1924 |
CVE-2019-3742 | Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicous code to run an executable with elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-3742 |
CVE-2019-14934 | An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14934 |
CVE-2019-13513 | In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13513 |
CVE-2019-13514 | In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnerability, which may allow information disclosure, remote code execution, or crash of the application. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13514 |
CVE-2019-10978 | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10978 |
CVE-2019-10996 | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10996 |
CVE-2019-16905 | OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16905 |
CVE-2019-1393 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1393 |
CVE-2019-1394 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1394 |
CVE-2019-1395 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1395 |
CVE-2019-1396 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1408, CVE-2019-1434. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1396 |
CVE-2019-1405 | An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1405 |
CVE-2019-1408 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1434. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1408 |
CVE-2019-7201 | An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak Replicator 4.5.12.1108. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-7201 |
CVE-2020-13428 | A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13428 |
CVE-2020-0202 | In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-142936525 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-0202 |
CVE-2020-0215 | In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1 Android ID: A-140417248 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-0215 |
CVE-2013-4536 | An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2013-4536 |
CVE-2020-25736 | Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-25736 |
CVE-2021-33909 | fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33909 |
CVE-2021-37576 | arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-37576 |
CVE-2021-38300 | arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38300 |
CVE-2021-43057 | An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43057 |
CVE-2021-34866 | This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-34866 |
CVE-2021-3760 | A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3760 |
CVE-2022-24750 | UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in which the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The vulnerability has been fixed to allow loading of plugins from the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.1. Users unable to upgrade should not install and run UltraVNC server as a service. It is advisable to create a scheduled task on a low privilege account to launch WinVNC.exe instead. There are no known workarounds if winvnc needs to be started as a service. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24750 |
CVE-2022-0500 | A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0500 |
CVE-2022-0995 | An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0995 |
CVE-2022-0998 | An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0998 |
CVE-2022-1652 | Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1652 |
CVE-2022-1786 | A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1786 |
CVE-2022-35861 | pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. (Shims are executables that pass a command along to a specific version of pyenv. The version string is used to construct the path to the command, and there is no validation of whether the version specified is a valid version. Thus, relative path traversal can occur.) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35861 |
CVE-2022-41322 | In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41322 |
CVE-2022-42720 | Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42720 |
CVE-2022-3545 | A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3545 |
CVE-2022-33210 | Memory corruption in automotive multimedia due to use of out-of-range pointer offset while parsing command request packet with a very large type value. in Snapdragon Auto | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33210 |
CVE-2022-33184 | A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33184 |
CVE-2022-41973 | multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41973 |
CVE-2022-41974 | multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41974 |
CVE-2022-32915 | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32915 |
CVE-2022-41073 | Windows Print Spooler Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41073 |
CVE-2022-41125 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41125 |
CVE-2022-45934 | An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45934 |
CVE-2022-45939 | GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45939 |
CVE-2022-44710 | DirectX Graphics Kernel Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44710 |
CVE-2022-26582 | The systool_server in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 fails to check for dollar signs or backticks in user supplied commands, leading to to arbitrary command execution as root. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26582 |
CVE-2022-44750 | HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754. This vulnerability applies to software previously licensed by IBM. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44750 |
CVE-2022-44751 | HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755. This vulnerability applies to software previously licensed by IBM. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44751 |
CVE-2022-44752 | HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44752 |
CVE-2022-44753 | HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44753 |
CVE-2022-44754 | HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. This vulnerability applies to software previously licensed by IBM. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44754 |
CVE-2022-44755 | HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. This vulnerability applies to software previously licensed by IBM. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44755 |
CVE-2023-23559 | In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23559 |
CVE-2022-30530 | Protection mechanism failure in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30530 |
CVE-2022-32570 | Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32570 |
CVE-2022-34153 | Improper initialization in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34153 |
CVE-2022-34157 | Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may allow authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34157 |
CVE-2022-36278 | Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36278 |
CVE-2022-36348 | Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36348 |
CVE-2022-36398 | Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36398 |
CVE-2022-21163 | Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21163 |
CVE-2022-27808 | Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27808 |
CVE-2022-32575 | Out-of-bounds write in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32575 |
CVE-2022-34843 | Integer overflow in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34843 |
CVE-2022-34864 | Out-of-bounds read in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34864 |
CVE-2022-36369 | Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36369 |
CVE-2022-36397 | Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36397 |
CVE-2022-36416 | Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36416 |
CVE-2022-41314 | Uncontrolled search path in some Intel(R) Network Adapter installer software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41314 |
CVE-2023-0887 | A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The associated identifier of this vulnerability is VDB-221351. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0887 |
CVE-2021-33983 | Buffer Overflow vulnerability in Dvidelabs flatcc v.0.6.0 allows local attacker to execute arbitrary code via the fltacc execution of the error_ref_sym function. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33983 |
CVE-2023-21619 | FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21619 |
CVE-2023-21621 | FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21621 |
CVE-2023-21622 | FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21622 |
CVE-2023-22234 | Adobe Premiere Rush version 2.6 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22234 |
CVE-2023-22236 | Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22236 |
CVE-2023-22243 | Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22243 |
CVE-2023-22244 | Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22244 |
CVE-2023-22246 | Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22246 |
CVE-2023-0908 | A vulnerability, which was classified as problematic, was found in Xoslab Easy File Locker 2.2.0.184. This affects the function MessageNotifyCallback in the library xlkfs.sys. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221457 was assigned to this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0908 |
CVE-2016-15026 | A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The name of the patch is 8c954e8d9f6f6863729e50105a8abf3f87fff74c. It is recommended to upgrade the affected component. VDB-221486 is the identifier assigned to this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-15026 |
CVE-2022-47909 | Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47909 |
CVE-2022-48321 | Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48321 |
CVE-2022-48339 | An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48339 |
CVE-2023-26242 | afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26242 |
CVE-2023-24575 | Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24575 |
CVE-2023-0104 | The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0104 |
CVE-2023-0996 | There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0996 |
CVE-2023-1004 | A vulnerability has been found in MarkText up to 0.17.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1004 |
CVE-2023-1005 | A vulnerability was found in JP1016 Markdown-Electron and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-221738 is the identifier assigned to this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1005 |
CVE-2023-1007 | A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects unknown code in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1007 |
CVE-2023-26544 | In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26544 |
CVE-2023-26545 | In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26545 |
CVE-2023-1047 | A vulnerability classified as critical was found in TechPowerUp RealTemp 3.7.0.0. This vulnerability affects unknown code in the library WinRing0x64.sys. The manipulation leads to improper initialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-221806 is the identifier assigned to this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1047 |
CVE-2023-1048 | A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1048 |
CVE-2023-26605 | In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26605 |
CVE-2023-26606 | In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26606 |
CVE-2022-45697 | Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45697 |
CVE-2022-32949 | This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32949 |
CVE-2022-42797 | An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42797 |
CVE-2023-23507 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23507 |
CVE-2023-20933 | In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-245860753 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20933 |
CVE-2023-20934 | In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-258672042 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20934 |
CVE-2023-20937 | In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257443051References: Upstream kernel | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20937 |
CVE-2023-20938 | In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257685302References: Upstream kernel | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20938 |
CVE-2023-20939 | In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243362981 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20939 |
CVE-2023-20940 | In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256237041 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20940 |
CVE-2023-20943 | In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240267890 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20943 |
CVE-2023-20944 | In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-244154558 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20944 |
CVE-2023-20945 | In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-246932269 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20945 |
CVE-2018-19571 | GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. | 7.7 | https://nvd.nist.gov/vuln/detail/CVE-2018-19571 |
CVE-2017-1002153 | Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-1002153 |
CVE-2018-11803 | Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-11803 |
CVE-2019-11499 | In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-11499 |
CVE-2019-11494 | In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-11494 |
CVE-2018-15811 | DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-15811 |
CVE-2018-15812 | DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-15812 |
CVE-2018-18325 | DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-18325 |
CVE-2018-18326 | DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-18326 |
CVE-2019-4193 | IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-force ID: 159032. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-4193 |
CVE-2019-1010142 | scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is: over the network or in a pcap. both work. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1010142 |
CVE-2019-14211 | An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the lack of proper validation of the existence of an object prior to performing operations on that object when executing JavaScript. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14211 |
CVE-2019-14213 | An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during CSG_SignatureF and CPDF_Document destruction. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14213 |
CVE-2019-13126 | An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-13126 |
CVE-2019-14459 | nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14459 |
CVE-2019-14513 | Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14513 |
CVE-2016-5431 | The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-5431 |
CVE-2019-10371 | A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10371 |
CVE-2019-10381 | Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10381 |
CVE-2019-14806 | Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14806 |
CVE-2019-13418 | Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-13418 |
CVE-2019-10428 | Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10428 |
CVE-2019-18676 | An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-18676 |
CVE-2019-9674 | Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-9674 |
CVE-2020-11076 | In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11076 |
CVE-2020-11077 | In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11077 |
CVE-2020-13757 | Python-RSA before 4.1 ignores leading '\\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13757 |
CVE-2020-12000 | The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-12000 |
CVE-2020-7685 | This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-7685 |
CVE-2020-28367 | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-28367 |
CVE-2021-29024 | In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and file download. Allowing an attacker to directory traversal and download files suppose to be private without authentication. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-29024 |
CVE-2021-33623 | The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33623 |
CVE-2021-33587 | The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33587 |
CVE-2021-33193 | A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33193 |
CVE-2022-0918 | A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0918 |
CVE-2022-30634 | Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30634 |
CVE-2022-30630 | Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30630 |
CVE-2022-30631 | Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30631 |
CVE-2022-30632 | Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30632 |
CVE-2022-30633 | Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30633 |
CVE-2022-30635 | Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30635 |
CVE-2022-32189 | A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32189 |
CVE-2022-35734 | 'Hulu / ????' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35734 |
CVE-2021-45454 | Ampere Altra before SRP 1.08b and Altra Max? before SRP 2.05 allow information disclosure of power telemetry via HWmon. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45454 |
CVE-2022-27812 | Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27812 |
CVE-2021-42521 | There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may crash the application. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42521 |
CVE-2022-36537 | ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36537 |
CVE-2022-0934 | A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0934 |
CVE-2022-38152 | An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38152 |
CVE-2022-36620 | D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36620 |
CVE-2022-40023 | Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40023 |
CVE-2022-32190 | JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32190 |
CVE-2022-40149 | Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40149 |
CVE-2022-40150 | Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40150 |
CVE-2022-38178 | By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38178 |
CVE-2022-3204 | A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3204 |
CVE-2022-21222 | The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21222 |
CVE-2022-2879 | Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2879 |
CVE-2022-2880 | Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2880 |
CVE-2022-41715 | Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41715 |
CVE-2022-41323 | In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41323 |
CVE-2022-3623 | A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211921 was assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3623 |
CVE-2022-35267 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_https_cert_file/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35267 |
CVE-2022-44556 | Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-44556 |
CVE-2022-23831 | Insufficient validation of the IOCTL input buffer in AMD ?Prof may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23831 |
CVE-2022-27674 | Insufficient validation in the IOCTL input/output buffer in AMD ?Prof may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27674 |
CVE-2022-41881 | Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41881 |
CVE-2022-31703 | The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31703 |
CVE-2022-3109 | An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3109 |
CVE-2023-22895 | The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22895 |
CVE-2023-22493 | RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. An attacker could also use this vulnerability to send requests to internal or any other servers or resources on the network, potentially gain access to sensitive information that would not normally be accessible and amplifying the impact of the attack. The patch for this issue can be found in commit a66cbcf. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22493 |
CVE-2023-0122 | A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0122 |
CVE-2023-24021 | Incorrect handling of '\\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24021 |
CVE-2022-38725 | An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38725 |
CVE-2023-23969 | In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23969 |
CVE-2022-44617 | A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-44617 |
CVE-2022-46285 | A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46285 |
CVE-2023-24580 | An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24580 |
CVE-2023-0361 | A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0361 |
CVE-2022-35729 | Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35729 |
CVE-2022-47703 | TIANJIE CPE906-3 is vulnerable to password disclosure. This is present on Software Version WEB5.0_LCD_20200513, Firmware Version MV8.003, and Hardware Version CPF906-V5.0_LCD_20200513. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47703 |
CVE-2022-41734 | IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41734 |
CVE-2022-43930 | IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43930 |
CVE-2022-34351 | IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34351 |
CVE-2023-26081 | In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26081 |
CVE-2023-24998 | Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24998 |
CVE-2023-25570 | Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers may access eureka directly to mock apollo-configservice and apollo-adminservice. Login authentication for eureka was added in version 2.1.0. As a workaround, avoid exposing apollo-configservice to the internet. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25570 |
CVE-2023-25656 | notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is impacted. The problem has been patched in the release v1.0.0-rc.3. Some workarounds are available. Users can review their own trust policy file and check if the identity string contains `=#`. Meanwhile, users should only put trusted certificates in their trust stores referenced by their own trust policy files, and make sure the `authenticity` validation is set to `enforce`. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25656 |
CVE-2021-32848 | Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32848 |
CVE-2022-46303 | Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local permissions. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46303 |
CVE-2019-25104 | A vulnerability has been found in rtcwcoop 1.0.2 and classified as problematic. Affected by this vulnerability is the function AICast_ScriptLoad of the file code/game/ai_cast_script.c of the component Team Command Handler. The manipulation leads to denial of service. The name of the patch is f2cd18bc2e1cbca8c4b78bee9c392272bd5f42ac. It is recommended to apply a patch to fix this issue. The identifier VDB-221485 was assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-25104 |
CVE-2022-44216 | Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-44216 |
CVE-2023-26249 | Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26249 |
CVE-2023-26253 | In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26253 |
CVE-2022-31394 | Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31394 |
CVE-2015-10085 | A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is b91aa4674d460993765884e8463c70e6d886bc90. It is recommended to apply a patch to fix this issue. VDB-221506 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2015-10085 |
CVE-2022-2883 | In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2883 |
CVE-2023-23063 | Cellinx NVT v1.0.6.002b is vulnerable to local file disclosure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23063 |
CVE-2023-23040 | TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23040 |
CVE-2023-25579 | Nextcloud server is a self hosted home cloud product. In affected versions the `OC\\Files\\Node\\Folder::getFullPath()` function was validating and normalizing the string in the wrong order. The function is used in the `newFile()` and `newFolder()` items, which may allow to creation of paths outside of ones own space and overwriting data from other users with crafted paths. This issue has been addressed in versions 25.0.2, 24.0.8, and 23.0.12. Users are advised to upgrade. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25579 |
CVE-2023-22974 | A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22974 |
CVE-2022-4492 | The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4492 |
CVE-2023-23916 | An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23916 |
CVE-2023-23918 | A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23918 |
CVE-2023-23919 | A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23919 |
CVE-2023-25824 | Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This could be exploited for denial of service attacks. If trace level logging was enabled, it would also produce an excessive amount of log output during the loop, consuming disk space. The problem has been fixed in commit d7eec4e598158ab6a98bf505354e84352f9715ec, please update to version 0.12.1. There are no workarounds, users who cannot update should apply the errno fix detailed in the security advisory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25824 |
CVE-2023-0994 | Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0994 |
CVE-2023-25692 | Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25692 |
CVE-2023-25956 | Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25956 |
CVE-2022-44310 | In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-44310 |
CVE-2021-34249 | SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id paremeter in application URL. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-34249 |
CVE-2023-25821 | Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround is available. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25821 |
CVE-2023-26103 | Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /s*,s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to significantly slow down a web socket server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26103 |
CVE-2023-26104 | All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26104 |
CVE-2022-48363 | In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48363 |
CVE-2023-26257 | An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26257 |
CVE-2022-34908 | An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34908 |
CVE-2023-23108 | In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23108 |
CVE-2023-23109 | In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23109 |
CVE-2022-40237 | IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40237 |
CVE-2022-4550 | The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4550 |
CVE-2023-0331 | The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0331 |
CVE-2023-25235 | Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function formOneSsidCfgSet via parameter ssid. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25235 |
CVE-2023-26758 | Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerabilty via the component /ResourceService. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26758 |
CVE-2023-26760 | Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. This vulnerability allows attackers to access cleartext credentials needed to authenticate to the AS400 system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26760 |
CVE-2022-48230 | There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to DoS. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48230 |
CVE-2022-48260 | There is a buffer overflow vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to device service exceptions. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48260 |
CVE-2022-48261 | There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation of this vulnerability may cause the printer service to be abnormal. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48261 |
CVE-2022-32830 | An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.6, iOS 15.6 and iPadOS 15.6. Processing a maliciously crafted image may lead to disclosure of user information. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32830 |
CVE-2022-32836 | This issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32836 |
CVE-2023-25264 | An issue was discovered in Docmosis Tornado prior to version 2.9.5. An unauthenticated attacker can bypass the authentication check filter completely by introducing a specially crafted request with relative path segments. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25264 |
CVE-2023-25265 | Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrary content on the file system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25265 |
CVE-2023-26255 | An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26255 |
CVE-2023-26256 | An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26256 |
CVE-2023-20948 | In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-230630526 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20948 |
CVE-2022-47075 | An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47075 |
CVE-2022-47076 | An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47076 |
CVE-2018-6683 | Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-6683 |
CVE-2019-0130 | Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-0130 |
CVE-2019-7615 | A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-7615 |
CVE-2014-8183 | It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2014-8183 |
CVE-2019-1910 | A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS–IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of crafted IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending a crafted link-state PDU to an affected system to be processed. A successful exploit could allow the attacker to cause all routers within the IS–IS area to unexpectedly restart the IS–IS process, resulting in a DoS condition. This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS XR Software earlier than Release 6.6.3 and are configured with the IS–IS routing protocol. Cisco has confirmed that this vulnerability affects both Cisco IOS XR 32-bit Software and Cisco IOS XR 64-bit Software. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-1910 |
CVE-2019-14899 | A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-14899 |
CVE-2020-13777 | GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-13777 |
CVE-2019-0164 | Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-0164 |
CVE-2019-3613 | DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-3613 |
CVE-2022-46908 | SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-46908 |
CVE-2022-48285 | loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-48285 |
CVE-2022-37329 | Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-37329 |
CVE-2022-37340 | Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-37340 |
CVE-2022-48338 | An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-48338 |
CVE-2019-14416 | An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-14416 |
CVE-2019-1936 | A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-1936 |
CVE-2021-29350 | SQL injection in the getip function in conn/function.php in ??100-???????? 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-29350 |
CVE-2022-39265 | MyBB is a free and open source forum software. The _Mail Settings_ ? Additional Parameters for PHP's mail() function mail_parameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The vulnerable module requires Admin CP access with the `_Can manage settings?_` permission and may depend on configured file permissions. MyBB 1.8.31 resolves this issue with the commit `0cd318136a`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-39265 |
CVE-2022-33178 | A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-33178 |
CVE-2022-46560 | D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan2Settings module. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-46560 |
CVE-2022-46561 | D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWanSettings module. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-46561 |
CVE-2022-46562 | D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the PSK parameter in the SetQuickVPNSettings module. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-46562 |
CVE-2022-46563 | D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetDynamicDNSSettings module. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-46563 |
CVE-2022-46566 | D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetQuickVPNSettings module. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-46566 |
CVE-2022-46568 | D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the AccountPassword parameter in the SetSysEmailSettings module. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-46568 |
CVE-2022-46569 | D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Key parameter in the SetWLanRadioSecurity module. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-46569 |
CVE-2022-46570 | D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan3Settings module. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-46570 |
CVE-2022-4268 | The Plugin Logic WordPress plugin before 1.0.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-4268 |
CVE-2022-48282 | Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and including v2.18.0 | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-48282 |
CVE-2023-20858 | VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-20858 |
CVE-2021-35290 | File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-35290 |
CVE-2023-26609 | ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-26609 |
CVE-2023-0278 | The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-0278 |
CVE-2023-0279 | The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-0279 |
CVE-2023-0487 | The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-0487 |
CVE-2023-24249 | An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-24249 |
CVE-2023-25432 | An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer_0/admins/assessments/course/course-update.php. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-25432 |
CVE-2023-22762 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-22762 |
CVE-2023-22763 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-22763 |
CVE-2023-22764 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-22764 |
CVE-2023-22765 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-22765 |
CVE-2023-22766 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-22766 |
CVE-2023-22767 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-22767 |
CVE-2023-22768 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-22768 |
CVE-2023-22769 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-22769 |
CVE-2023-22770 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-22770 |
CVE-2021-4204 | An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-4204 |
CVE-2023-26607 | In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26607 |
CVE-2023-1070 | External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1070 |
CVE-2019-19921 | runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) | 7 | https://nvd.nist.gov/vuln/detail/CVE-2019-19921 |
CVE-2020-13162 | A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2020-13162 |
CVE-2022-26837 | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26837 |
CVE-2022-32764 | Description: Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-32764 |
CVE-2022-26580 | PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. The attacker must have physical USB access to the device in order to exploit this vulnerability. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26580 |
CVE-2022-26581 | PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB access to the device in order to exploit this vulnerability. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26581 |
CVE-2023-0739 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in GitHub repository answerdev/answer prior to 1.0.4. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0739 |
CVE-2022-28810 | Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field. | 6.8 | |
CVE-2019-1774 | A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2019-1774 |
CVE-2019-1775 | A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2019-1775 |
CVE-2019-1776 | A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2019-1776 |
CVE-2019-1778 | A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2019-1778 |
CVE-2020-12770 | An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-12770 |
CVE-2022-30539 | Use after free in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-30539 |
CVE-2022-30704 | Improper initialization in the Intel(R) TXT SINIT ACM for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-30704 |
CVE-2022-32231 | Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-32231 |
CVE-2022-33196 | Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-33196 |
CVE-2018-10998 | An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-10998 |
CVE-2018-18897 | An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-18897 |
CVE-2018-19107 | In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-19107 |
CVE-2018-20662 | In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-20662 |
CVE-2018-18809 | The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-18809 |
CVE-2019-10657 | Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10657 |
CVE-2019-1002100 | In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1002100 |
CVE-2019-11026 | FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-11026 |
CVE-2019-11474 | coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-11474 |
CVE-2019-11000 | An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-11000 |
CVE-2019-12252 | In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-12252 |
CVE-2018-2028 | IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-2028 |
CVE-2019-3629 | Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-3629 |
CVE-2019-4386 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-4386 |
CVE-2019-13296 | ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-13296 |
CVE-2019-13310 | ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-13310 |
CVE-2018-19583 | GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-19583 |
CVE-2019-13626 | SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-13626 |
CVE-2019-11721 | The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox < 68. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-11721 |
CVE-2019-5605 | In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32_ioctl interface, small amounts of kernel memory may be disclosed to userland processes. This may allow an attacker to leverage this information to obtain elevated privileges either directly or indirectly. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5605 |
CVE-2019-14372 | In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14372 |
CVE-2019-14442 | In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14442 |
CVE-2019-14443 | An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14443 |
CVE-2018-20860 | libopenmpt before 0.3.13 allows a crash with malformed MED files. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-20860 |
CVE-2019-14380 | libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14380 |
CVE-2019-14382 | DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14382 |
CVE-2019-14383 | J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14383 |
CVE-2019-10382 | Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10382 |
CVE-2019-14980 | In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14980 |
CVE-2019-14973 | _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14973 |
CVE-2019-15141 | WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-15141 |
CVE-2019-14245 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14245 |
CVE-2019-14246 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14246 |
CVE-2019-10990 | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10990 |
CVE-2019-10425 | Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10425 |
CVE-2015-5361 | Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration.? Note that the ftps-extensions option is not enabled by default. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2015-5361 |
CVE-2020-13231 | In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13231 |
CVE-2020-12803 | ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting Prior to version 6.4.4 LibreOffice allowed forms to be submitted to any URI, including file: URIs, enabling form submissions to overwrite local files. User-interaction is required to submit the form, but to avoid the possibility of malicious documents engineered to maximize the possibility of inadvertent user submission this feature has now been limited to http[s] URIs, removing the possibility to overwrite local files. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-12803 |
CVE-2020-0213 | In hevcd_fmt_conv_420sp_to_420sp_av8 of ihevcd_fmt_conv_420sp_to_420sp.s, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android-11 Android ID: A-143464314 | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-0213 |
CVE-2020-5421 | In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-5421 |
CVE-2022-1289 | A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1289 |
CVE-2022-36996 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36996 |
CVE-2022-1705 | Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1705 |
CVE-2022-32148 | Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32148 |
CVE-2022-34868 | Authenticated Arbitrary Settings Update vulnerability in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34868 |
CVE-2022-28170 | Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28170 |
CVE-2022-35256 | The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35256 |
CVE-2022-35260 | curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35260 |
CVE-2022-41915 | Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call, into a `remove()` call, and call `add()` in a loop over the iterator of values. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41915 |
CVE-2022-4799 | Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4799 |
CVE-2022-4812 | Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4812 |
CVE-2023-0298 | Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0298 |
CVE-2023-25136 | OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25136 |
CVE-2022-27234 | Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27234 |
CVE-2021-32847 | HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior, a malicious guest can trigger a vulnerability in the host by abusing the disk driver that may lead to the disclosure of the host memory into the virtualized guest. This issue is fixed in commit cf60095a4d8c3cb2e182a14415467afd356e982f. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32847 |
CVE-2023-26267 | php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \\LIBXML_DTDLOAD | \\LIBXML_DTDATTR. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26267 |
CVE-2023-0936 | A vulnerability was found in TP-Link Archer C50 V2_160801. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221552. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0936 |
CVE-2023-23009 | Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23009 |
CVE-2022-43870 | IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43870 |
CVE-2023-25621 | Privilege Escalation vulnerability in Apache Software Foundation Apache Sling. Any content author is able to create i18n dictionaries in the repository in a location the author has write access to. As these translations are used across the whole product, it allows an author to change any text or dialog in the product. For example an attacker might fool someone by changing the text on a delete button to "Info". This issue affects the i18n module of Apache Sling up to version 2.5.18. Version 2.6.2 and higher limit by default i18m dictionaries to certain paths in the repository (/libs and /apps). Users of the module are advised to update to version 2.6.2 or higher, check the configuration for resource loading and then adjust the access permissions for the configured path accordingly. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25621 |
CVE-2023-0815 | Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0815 |
CVE-2023-20089 | A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads. Note: This vulnerability cannot be exploited by transit traffic through the device. The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20089 |
CVE-2023-23915 | A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23915 |
CVE-2023-23296 | Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23296 |
CVE-2023-1002 | A vulnerability, which was classified as problematic, has been found in MuYuCMS 2.2. This issue affects some unknown processing of the file index.php. The manipulation of the argument file_path leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221735. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1002 |
CVE-2021-35369 | Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed in v.5.4 allows attackers to obtain sensitive information via the filtering_get_contents function. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35369 |
CVE-2023-25816 | Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3 No workaround is available. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25816 |
CVE-2023-26038 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrary php file path can be passed in the request and loaded. This issue is patched in versions 1.36.33 and 1.37.33. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26038 |
CVE-2021-3329 | Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3329 |
CVE-2022-31405 | MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31405 |
CVE-2023-27264 | A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27264 |
CVE-2022-32784 | The issue was addressed with improved UI handling. This issue is fixed in Safari 15.6, iOS 15.6 and iPadOS 15.6. Visiting a maliciously crafted website may leak sensitive data. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32784 |
CVE-2023-23512 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Visiting a website may lead to an app denial-of-service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23512 |
CVE-2023-22773 | Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22773 |
CVE-2023-22774 | Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22774 |
CVE-2023-24128 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24128 |
CVE-2023-24129 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24129 |
CVE-2023-24130 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24130 |
CVE-2023-24131 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1_5g parameter at /goform/WifiBasicSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24131 |
CVE-2023-24132 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3_5g parameter at /goform/WifiBasicSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24132 |
CVE-2023-24133 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey_5g parameter at /goform/WifiBasicSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24133 |
CVE-2023-24134 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24134 |
CVE-2023-24117 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth_5g parameter at /goform/WifiBasicSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24117 |
CVE-2023-24118 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24118 |
CVE-2023-24119 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24119 |
CVE-2023-24120 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn_5g parameter at /goform/WifiBasicSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24120 |
CVE-2023-24121 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24121 |
CVE-2023-24122 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid_5g parameter at /goform/WifiBasicSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24122 |
CVE-2023-24123 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24123 |
CVE-2023-24124 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24124 |
CVE-2023-24125 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2_5g parameter at /goform/WifiBasicSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24125 |
CVE-2023-24126 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4_5g parameter at /goform/WifiBasicSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24126 |
CVE-2023-24127 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24127 |
CVE-2022-20078 | In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05852819; Issue ID: ALPS05852819. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20078 |
CVE-2020-3350 | A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-3350 |
CVE-2022-32844 | A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-32844 |
CVE-2018-3820 | Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-3820 |
CVE-2018-3821 | Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-3821 |
CVE-2018-3830 | Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-3830 |
CVE-2018-6682 | Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-6682 |
CVE-2018-19615 | Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted userâ??s web browser to gain access to the affected device. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-19615 |
CVE-2017-1002152 | Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-1002152 |
CVE-2019-1566 | The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-1566 |
CVE-2019-10887 | A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name= request. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10887 |
CVE-2019-12748 | TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-12748 |
CVE-2019-12537 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-12537 |
CVE-2019-12595 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-12595 |
CVE-2019-12596 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-12596 |
CVE-2019-12597 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-12597 |
CVE-2018-2021 | IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155345. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-2021 |
CVE-2019-11720 | Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-11720 |
CVE-2019-13387 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing website. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-13387 |
CVE-2019-14364 | An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-14364 |
CVE-2019-10372 | An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10372 |
CVE-2019-10376 | A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10376 |
CVE-2015-9297 | The events-manager plugin before 5.6 for WordPress has XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2015-9297 |
CVE-2015-9302 | The simple-fields plugin before 1.4.11 for WordPress has XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2015-9302 |
CVE-2016-10867 | The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-10867 |
CVE-2014-10377 | The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2014-10377 |
CVE-2017-18559 | The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-18559 |
CVE-2020-10246 | MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statistics_orgs.ctp. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-10246 |
CVE-2020-10247 | MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-10247 |
CVE-2020-11029 | In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-11029 |
CVE-2020-13964 | An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-13964 |
CVE-2021-20733 | Improper authorization in handler for custom URL scheme vulnerability in ????????? (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-20733 |
CVE-2021-24410 | The తెల�గ� బైబిల� వచనమ�ల� WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and do not sanitise or escape them when outputting them back in the page. This could allow attackers to make a logged in admin change the settings, as well as add malicious verses containing JavaScript code in them, leading to Stored XSS issues | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-24410 |
CVE-2021-22822 | A CWE-79 Improper Neutralization of Input During Web Page Generation (?Cross-site Scripting?) vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-22822 |
CVE-2022-29172 | Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the “additional signup fields� feature [is configured](https://github.com/auth0/lock#additional-sign-up-fields), a malicious actor can inject invalidated HTML code into these additional fields, which is then stored in the service `user_metdata` payload (using the `name` property). Verification emails, when applicable, are generated using this metadata. It is therefor possible for an actor to craft a malicious link by injecting HTML, which is then rendered as the recipient's name within the delivered email template. You are impacted by this vulnerability if you are using `auth0-lock` version `11.32.2` or lower and are using the “additional signup fields� feature in your application. Upgrade to version `11.33.0`. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29172 |
CVE-2022-23081 | In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23081 |
CVE-2022-3844 | A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issue. The name of the patch is d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to upgrade the affected component. VDB-212862 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-3844 |
CVE-2022-4495 | A vulnerability, which was classified as problematic, has been found in collective.dms.basecontent up to 1.6. This issue affects the function renderCell of the file src/collective/dms/basecontent/browser/column.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.7 is able to address this issue. The name of the patch is 6c4d616fcc771822a14ebae5e23f3f6d96d134bd. It is recommended to upgrade the affected component. The identifier VDB-215813 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4495 |
CVE-2022-4524 | A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.0.x. Affected is the function language_attributes of the file src/Modules/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.1.0 is able to address this issue. The name of the patch is 0c9151e00ab047da253e5cdbfccb204dd423269d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215904. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4524 |
CVE-2022-4525 | A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 58.x and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 59.0.0.rc is able to address this issue. The name of the patch is da44a3893b407087829b006d09339780919714cd. It is recommended to upgrade the affected component. The identifier VDB-215905 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4525 |
CVE-2022-4560 | A vulnerability was found in Joget up to 7.0.31. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.32 is able to address this issue. The name of the patch is ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215963. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4560 |
CVE-2021-4263 | A vulnerability, which was classified as problematic, has been found in leanote 2.6.1. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 0f9733c890077942150696dcc6d2b1482b7a0a19. It is recommended to apply a patch to fix this issue. The identifier VDB-216461 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-4263 |
CVE-2016-15025 | A vulnerability, which was classified as problematic, was found in generator-hottowel 0.0.11. Affected is an unknown function of the file app/templates/src/server/_app.js of the component 404 Error Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is c17092fd4103143a9ddab93c8983ace8bf174396. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221484. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-15025 |
CVE-2016-15027 | A vulnerability was found in meta4creations Post Duplicator Plugin 2.18. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.19 is able to address this issue. The name of the patch is ca67c05e490c0cf93a1e9b2d93bfeff3dd96f594. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221496. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-15027 |
CVE-2022-3901 | Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-3901 |
CVE-2021-32850 | jQuery MiniColors is a color picker built on jQuery. Prior to version 2.3.6, jQuery MiniColors is prone to cross-site scripting when handling untrusted color names. This issue is patched in version 2.3.6. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32850 |
CVE-2021-32851 | Mind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1 | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32851 |
CVE-2014-125089 | A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been declared as problematic. Affected by this vulnerability is the function _formatBody of the file lib/InternalChatProtocol.fe. The manipulation of the argument body leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.9 is able to address this issue. The name of the patch is c4c0258bbd18f6915f97f91d5fee625384096a26. It is recommended to upgrade the affected component. The identifier VDB-221497 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2014-125089 |
CVE-2021-32854 | textAngular is a text editor for Angular.js. Version 1.5.16 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. There are no known patches. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32854 |
CVE-2021-32855 | Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32855 |
CVE-2021-32856 | Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32856 |
CVE-2021-32857 | Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-site scripting (XSS) issues. There are no known patches for this issue. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32857 |
CVE-2021-32858 | esdoc-publish-html-plugin is a plugin for the document maintenance software ESDoc. TheHTML sanitizer in esdoc-publish-html-plugin 1.1.2 and prior can be bypassed which may lead to cross-site scripting (XSS) issues. There are no known patches for this issue. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32858 |
CVE-2021-32859 | The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting (XSS) when handling untrusted `placeholder` entries. An attacker who is able to influence the field `placeholder` when creating a `Calendar` instance is able to supply arbitrary `html` or `javascript` that will be rendered in the context of a user leading to XSS. There are no known patches for this issue. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32859 |
CVE-2021-32860 | iziModal is a modal plugin with jQuery. Versions prior to 1.6.1 are vulnerable to cross-site scripting (XSS) when handling untrusted modal titles. An attacker who is able to influence the field `title` when creating a `iziModal` instance is able to supply arbitrary `html` or `javascript` code that will be rendered in the context of a user, potentially leading to `XSS`. Version 1.6.1 contains a patch for this issue | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32860 |
CVE-2023-0942 | The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0942 |
CVE-2021-4325 | A vulnerability, which was classified as problematic, has been found in NHN TOAST UI Chart 4.1.4. This issue affects some unknown processing of the component Legend Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.0 is able to address this issue. The name of the patch is 1a3f455d17df379e11b501bb5ba1dd1bcc41d63e. It is recommended to upgrade the affected component. The identifier VDB-221501 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-4325 |
CVE-2022-38779 | An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-38779 |
CVE-2023-0846 | Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0846 |
CVE-2023-25154 | Misskey is an open source, decentralized social media platform. In versions prior to 13.5.0 the link to the instance to the sender that appears when viewing a user or note received through ActivityPub is not properly validated, so by inserting a URL with a javascript scheme an attacker may execute JavaScript code in the context of the recipient. This issue has been fixed in version 13.5.0. Users are advised to upgrade. Users unable to upgrade should not "view on remote" for untrusted instances. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25154 |
CVE-2023-24810 | Misskey is an open source, decentralized social media platform. Due to insufficient validation of the redirect URL during `miauth` authentication in Misskey, arbitrary JavaScript can be executed when a user allows the link. All versions below 13.3.1 (including 12.x) are affected. This has been fixed in version 13.3.1. Users are advised to upgrade. Users unable to upgrade should not allow authentication of untrusted apps. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-24810 |
CVE-2023-24811 | Misskey is an open source, decentralized social media platform. In versions prior to 13.3.2 the URL preview function is subject to a cross site scripting vulnerability due to insufficient URL validation. Arbitrary JavaScript is executed when a malicious URL is loaded in the `View in Player` or `View in Window` preview. This has been fixed in version 13.3.2. Users are advised to upgrade. Users unable to upgrade should avoid usage of the `View in Player` or `View in Window` functions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-24811 |
CVE-2022-29273 | pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29273 |
CVE-2023-0867 | Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0867 |
CVE-2023-0868 | Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0868 |
CVE-2023-0869 | Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0869 |
CVE-2022-48343 | In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-48343 |
CVE-2022-48344 | In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-48344 |
CVE-2023-0044 | If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0044 |
CVE-2022-46784 | SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows open redirection. (The issue was originally found in 5.5.1 GA.) | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-46784 |
CVE-2022-46785 | SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 1 of 2). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-46785 |
CVE-2022-48345 | sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-48345 |
CVE-2023-1030 | A vulnerability has been found in SourceCodester Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221755. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1030 |
CVE-2023-25825 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This is unescaped when viewing the logs in the web ui. This issue is patched in version 1.36.33. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25825 |
CVE-2023-26091 | The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allows XSS via saved emails. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26091 |
CVE-2019-25105 | A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. The manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is fa73c3a42bc5c246a1b8f815699ea241aef154bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221763. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-25105 |
CVE-2023-1036 | A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /APR/signup.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221794 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1036 |
CVE-2023-1041 | A vulnerability, which was classified as problematic, was found in SourceCodester Simple Responsive Tourism Website 1.0. This affects an unknown part of the file /tourism/rate_review.php. The manipulation of the argument id with the input 1">--redacted-- leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221799 | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1041 |
CVE-2023-1042 | A vulnerability has been found in SourceCodester Online Pet Shop We App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /pet_shop/admin/orders/update_status.php. The manipulation of the argument oid with the input 1">--redacted-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221800 | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1042 |
CVE-2021-32302 | Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows attacker to obtain sensitive information via the Upload File parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32302 |
CVE-2023-26042 | Part-DB is an open source inventory management system for your electronic components. User input was found not being properly escaped, which allowed malicious users to inject arbitrary HTML into the pages. The Content-Security-Policy forbids inline and external scripts so it is not possible to execute JavaScript code, unless in combination with other vulnerabilities. There are no workarounds, please upgrade to Pat-DB 1.0.2 or later. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26042 |
CVE-2023-0043 | The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0043 |
CVE-2023-0334 | The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0334 |
CVE-2022-38220 | An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-38220 |
CVE-2023-1106 | Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1106 |
CVE-2020-13401 | An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2020-13401 |
CVE-2022-26579 | PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2022-26579 |
CVE-2019-11065 | Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-11065 |
CVE-2019-4102 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-4102 |
CVE-2019-7614 | A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-7614 |
CVE-2022-38153 | An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-38153 |
CVE-2022-39264 | nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply the patch manually, avoid doing verifications of one's own devices, and/or avoid pressing the request button in the settings menu. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-39264 |
CVE-2021-46853 | Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-46853 |
CVE-2023-25569 | Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cookie SameSite strategy was set to Lax in version 2.1.0. As a workaround, avoid visiting unknown source pages. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-25569 |
CVE-2023-23039 | An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove(). | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-23039 |
CVE-2018-3926 | An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3926 |
CVE-2019-3832 | It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-3832 |
CVE-2019-10018 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10018 |
CVE-2019-1786 | A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1786 |
CVE-2019-1787 | A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1787 |
CVE-2019-11459 | The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-11459 |
CVE-2019-11419 | vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the /sdcard/tencent/MicroMsg directory) with a crafted .wxgf file. The content of the replacement must be derived from the phone's IMEI. The crash occurs upon receiving a message that contains the replaced emoji. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-11419 |
CVE-2019-11833 | fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-11833 |
CVE-2019-4381 | IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC credentials. IBM X-Force ID: 162159. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-4381 |
CVE-2019-12972 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\\0' character. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-12972 |
CVE-2019-13111 | A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-13111 |
CVE-2019-13286 | In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-13286 |
CVE-2019-10194 | Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10194 |
CVE-2019-14250 | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14250 |
CVE-2019-14275 | Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14275 |
CVE-2019-14444 | apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14444 |
CVE-2019-5460 | Double Free in VLC versions <= 3.0.6 leads to a crash. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5460 |
CVE-2019-10367 | Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10367 |
CVE-2019-10426 | Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10426 |
CVE-2019-10429 | Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10429 |
CVE-2020-13867 | Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13867 |
CVE-2020-14150 | GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-14150 |
CVE-2021-32815 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when modifying the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fi`. ### Patches The bug is fixed in version v0.27.5. ### References Regression test and bug fix: #1739 ### For more information Please see our [security policy](https://github.com/Exiv2/exiv2/security/policy) for information about Exiv2 security. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32815 |
CVE-2021-34334 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-34334 |
CVE-2021-37620 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-37620 |
CVE-2022-1962 | Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1962 |
CVE-2022-2873 | An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2873 |
CVE-2021-3759 | A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3759 |
CVE-2022-0480 | A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0480 |
CVE-2020-27784 | A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free(). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-27784 |
CVE-2022-36280 | An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36280 |
CVE-2022-41218 | In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41218 |
CVE-2022-33180 | A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33180 |
CVE-2022-33181 | An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33181 |
CVE-2022-44079 | pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component __sanitizer::StackDepotBase<__sanitizer::StackDepotNode. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-44079 |
CVE-2022-3191 | Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Strage Software Agent component) allows local users to gain sensitive information. This issue affects Hitachi Ops Center Analyzer: from 10.8.1-00 before 10.9.0-00 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3191 |
CVE-2022-3675 | Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a misconfiguration which allows booting non-default OSTree deployments without entering a password. This allows someone with access to the GRUB menu to boot into an older version of Fedora CoreOS, reverting any security fixes that have recently been applied to the machine. A password is still required to modify kernel command-line arguments and to access the GRUB command line. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3675 |
CVE-2022-37290 | GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-37290 |
CVE-2022-45873 | systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45873 |
CVE-2023-23454 | cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23454 |
CVE-2023-23455 | atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23455 |
CVE-2022-47929 | In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47929 |
CVE-2022-48281 | processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48281 |
CVE-2023-0394 | A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0394 |
CVE-2022-26841 | Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26841 |
CVE-2022-30531 | Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1474 may allow a privileged user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30531 |
CVE-2021-33104 | Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33104 |
CVE-2022-29523 | Improper conditions check in the Open CAS software maintained by Intel(R) before version 22.3.1 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29523 |
CVE-2022-36797 | Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36797 |
CVE-2022-41614 | Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41614 |
CVE-2023-0482 | In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0482 |
CVE-2023-21584 | FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21584 |
CVE-2023-21620 | FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21620 |
CVE-2023-0907 | A vulnerability, which was classified as problematic, has been found in Filseclab Twister Antivirus 8.17. Affected by this issue is some unknown functionality in the library ffsmon.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221456. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0907 |
CVE-2023-0909 | A vulnerability, which was classified as problematic, was found in cxasm notepad-- 1.22. This affects an unknown part of the component Directory Comparison Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The associated identifier of this vulnerability is VDB-221475. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0909 |
CVE-2016-15024 | A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-15024 |
CVE-2022-48319 | Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48319 |
CVE-2021-33367 | Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33367 |
CVE-2023-26302 | Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26302 |
CVE-2023-26303 | Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26303 |
CVE-2022-3219 | GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3219 |
CVE-2023-0597 | A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0597 |
CVE-2022-46440 | ttftool v0.9.2 was discovered to contain a segmentation violation via the readU16 function at ttf.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46440 |
CVE-2023-1008 | A vulnerability was found in Twister Antivirus 8.17. It has been rated as problematic. This issue affects some unknown processing in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-221741 was assigned to this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1008 |
CVE-2023-1009 | A vulnerability classified as problematic has been found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi. The manipulation of the argument option with the input /../etc/password leads to path traversal. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1009 |
CVE-2023-1010 | A vulnerability classified as critical was found in vox2png 1.0. Affected by this vulnerability is an unknown functionality of the file vox2png.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221743. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1010 |
CVE-2022-43923 | IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43923 |
CVE-2023-23205 | An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multi_client_server/multi_client_server.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23205 |
CVE-2022-34910 | An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34910 |
CVE-2022-48305 | There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274. Successful exploitation of this vulnerability may cause the access control function of specific applications to fail. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48305 |
CVE-2022-22582 | A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22582 |
CVE-2022-32902 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32902 |
CVE-2023-23508 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, macOS Big Sur 11.7.3. An app may be able to bypass Privacy preferences. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23508 |
CVE-2023-23511 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23511 |
CVE-2023-22996 | In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22996 |
CVE-2023-22997 | In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22997 |
CVE-2023-22998 | In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22998 |
CVE-2023-22999 | In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22999 |
CVE-2023-1095 | In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1095 |
CVE-2018-6495 | Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-6495 |
CVE-2018-6681 | Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-6681 |
CVE-2018-3823 | X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of other ML users viewing the results of the jobs. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-3823 |
CVE-2019-1777 | A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by sending an email with a malicious payload to another user. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. This vulnerability affects software versions 5.3.4.x. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-1777 |
CVE-2019-4410 | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162657. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-4410 |
CVE-2018-19570 | GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-19570 |
CVE-2018-19573 | GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-19573 |
CVE-2018-19574 | GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-19574 |
CVE-2019-3889 | A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting them to click on a malicious link. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-3889 |
CVE-2018-1921 | IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152857. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-1921 |
CVE-2019-10360 | A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10360 |
CVE-2019-3884 | A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-3884 |
CVE-2019-10373 | A stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allows attackers able to edit the build pipeline description to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10373 |
CVE-2019-10374 | A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10374 |
CVE-2019-14796 | The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-14796 |
CVE-2019-3418 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-3418 |
CVE-2018-17790 | Prospecta Master Data Online (MDO) 2.0 has Stored XSS. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-17790 |
CVE-2019-15120 | The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-15120 |
CVE-2019-5471 | An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-5471 |
CVE-2020-11026 | In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-11026 |
CVE-2020-18693 | Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attackers to execute arbitrary code by injecting malicious code into the 'Title' field of the component '/admin/news'. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-18693 |
CVE-2022-24588 | Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24588 |
CVE-2022-0350 | Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0350 |
CVE-2022-1290 | Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-1290 |
CVE-2018-25047 | In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-25047 |
CVE-2022-3506 | Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-3506 |
CVE-2022-41358 | A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-41358 |
CVE-2022-41091 | Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-41091 |
CVE-2022-25629 | An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25629 |
CVE-2022-44698 | Windows SmartScreen Security Feature Bypass Vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-44698 |
CVE-2022-4802 | Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4802 |
CVE-2022-4811 | Incorrect Authorization in GitHub repository usememos/memos prior to 0.9.1. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4811 |
CVE-2023-0034 | The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0034 |
CVE-2023-0902 | A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0902 |
CVE-2022-4666 | The Markup (JSON-LD) structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4666 |
CVE-2022-4669 | The Page Builder: Live Composer WordPress plugin before 1.5.23 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4669 |
CVE-2023-0492 | The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0492 |
CVE-2023-0540 | The GS Filterable Portfolio WordPress plugin before 1.6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0540 |
CVE-2023-0541 | The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0541 |
CVE-2023-0559 | The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0559 |
CVE-2023-25928 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247646. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25928 |
CVE-2023-0934 | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.5. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0934 |
CVE-2023-0945 | A vulnerability, which was classified as problematic, was found in SourceCodester Best POS Management System 1.0. Affected is an unknown function of the file index.php?page=add-category. The manipulation of the argument Name with the input "><img src=x onerror=prompt(document.domain);> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221592. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0945 |
CVE-2023-25810 | Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25810 |
CVE-2023-25811 | Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma `name` parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25811 |
CVE-2023-24081 | Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-24081 |
CVE-2022-41565 | The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.21 and below, versions 6.0.11 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.2.0 and below. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-41565 |
CVE-2022-41566 | The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.6.0 and below. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-41566 |
CVE-2022-41567 | The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-41567 |
CVE-2022-43578 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238683. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-43578 |
CVE-2023-26214 | The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-26214 |
CVE-2023-22972 | A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22972 |
CVE-2023-0987 | A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file index.php?page=checkout. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221680. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0987 |
CVE-2022-46786 | SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-46786 |
CVE-2023-0995 | Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to v2.0.1. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0995 |
CVE-2023-22425 | Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22425 |
CVE-2023-1006 | A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been classified as problematic. This affects an unknown part of the component New Record Handler. The manipulation of the argument Firstname/Middlename/Lastname/Suffix/Nationality/Doctor Fullname/Doctor Suffix with the input ">--redacted-- leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221739 | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1006 |
CVE-2023-0586 | The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0586 |
CVE-2023-1067 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1067 |
CVE-2023-22860 | IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22860 |
CVE-2022-4679 | The Wufoo Shortcode WordPress plugin before 1.52 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4679 |
CVE-2022-4757 | The List Pages Shortcode WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4757 |
CVE-2022-4788 | The Embed PDF WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4788 |
CVE-2022-4795 | The Galleries by Angie Makes WordPress plugin through 1.67 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4795 |
CVE-2022-4829 | The Show-Hide / Collapse-Expand WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4829 |
CVE-2023-0168 | The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0168 |
CVE-2023-0230 | The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0230 |
CVE-2023-0535 | The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0535 |
CVE-2023-0539 | The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0539 |
CVE-2023-0552 | The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0552 |
CVE-2023-24251 | WangEditor v5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /dist/index.js. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-24251 |
CVE-2023-24651 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-24651 |
CVE-2023-25807 | DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25807 |
CVE-2023-27292 | An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-27292 |
CVE-2023-27295 | Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's session when visited. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-27295 |
CVE-2023-26608 | SOLDR (System of Orchestration, Lifecycle control, Detection and Response) 1.1.0 allows stored XSS via the module editor. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-26608 |
CVE-2023-1103 | Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1103 |
CVE-2023-1104 | Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1104 |
CVE-2023-1115 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1115 |
CVE-2023-1116 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1116 |
CVE-2023-1117 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1117 |
CVE-2023-1107 | Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1107 |
CVE-2023-1146 | Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1146 |
CVE-2023-1147 | Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1147 |
CVE-2018-3829 | In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-3829 |
CVE-2018-19577 | Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-19577 |
CVE-2018-1968 | IBM Security Identity Manager 7.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153749. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-1968 |
CVE-2018-2022 | IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 155346. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-2022 |
CVE-2019-1020017 | Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-1020017 |
CVE-2019-13417 | Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-13417 |
CVE-2019-10427 | Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10427 |
CVE-2019-16910 | Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.) | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-16910 |
CVE-2021-30048 | Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (?????-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-30048 |
CVE-2021-29023 | InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is generated using a weak mechanism that is predictable. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-29023 |
CVE-2022-3594 | A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3594 |
CVE-2022-46392 | An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-46392 |
CVE-2022-4798 | Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4798 |
CVE-2022-4806 | Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4806 |
CVE-2023-20057 | A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-20057 |
CVE-2023-0440 | Observable Discrepancy in GitHub repository healthchecks/healthchecks prior to v2.6. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0440 |
CVE-2023-0678 | Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0678 |
CVE-2022-38056 | Improper neutralization in the Intel(R) EMA software before version 1.8.1.0 may allow a privileged user to potentially enable escalation of privilege via network access. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-38056 |
CVE-2023-22232 | Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22232 |
CVE-2022-48318 | No authorisation controls in the RestAPI documentation for Tribe29's Checkmk <= 2.1.0p13 and Checkmk <= 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-48318 |
CVE-2023-26265 | The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26265 |
CVE-2023-0998 | A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221733 was assigned to this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0998 |
CVE-2023-0595 | A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions) | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0595 |
CVE-2022-45139 | A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-45139 |
CVE-2020-9846 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-9846 |
CVE-2019-7616 | Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could possibly lead to an attacker accessing external URL resources as the Kibana process on the host system. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-7616 |
CVE-2022-35295 | In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-35295 |
CVE-2023-22776 | An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22776 |
CVE-2018-3764 | In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3764 |
CVE-2019-1802 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user to access a report containing malicious content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Versions 6.2.3, 6.3.0, and 6.4.0 are affected. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1802 |
CVE-2019-14415 | An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality. A victim must open a resiliency plan that an attacker has access to. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14415 |
CVE-2019-15081 | OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-15081 |
CVE-2019-15108 | An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-15108 |
CVE-2020-14154 | Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-14154 |
CVE-2022-34156 | 'Hulu / ????' App for iOS versions prior to 3.0.81 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34156 |
CVE-2023-0566 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0566 |
CVE-2023-0949 | Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0949 |
CVE-2023-22427 | Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22427 |
CVE-2023-0585 | The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0585 |
CVE-2023-0543 | The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0543 |
CVE-2023-0548 | The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0548 |
CVE-2023-1081 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1081 |
CVE-2023-25431 | An issue was discovered in Online Reviewer Management System v1.0. There is a XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25431 |
CVE-2023-1148 | Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1148 |
CVE-2019-18222 | The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2019-18222 |
CVE-2020-10932 | An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-10932 |
CVE-2020-10951 | Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-10951 |
CVE-2022-41215 | SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-41215 |
CVE-2022-39334 | Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TLS certificates, which may enable a Man-in-the-middle attack that exposes sensitive data or credentials to a network attacker. This affects the CLI only. It does not affect the standard GUI desktop Nextcloud clients, and it does not affect the Nextcloud server. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-39334 |
CVE-2019-15098 | drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-15098 |
CVE-2019-15211 | An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-15211 |
CVE-2019-15212 | An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-15212 |
CVE-2019-15213 | An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-15213 |
CVE-2019-15215 | An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-15215 |
CVE-2019-15216 | An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-15216 |
CVE-2019-15217 | An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-15217 |
CVE-2019-15218 | An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-15218 |
CVE-2019-15219 | An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-15219 |
CVE-2019-15220 | An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-15220 |
CVE-2019-15221 | An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-15221 |
CVE-2019-15222 | An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-15222 |
CVE-2019-15223 | An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/driver.c driver. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-15223 |
CVE-2022-48254 | There is a data processing error vulnerability in Leia-B29 2.0.0.49(M03). Successful exploitation could bypass lock screen authentication. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-48254 |
CVE-2020-36605 | Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-36605 |
CVE-2022-30339 | Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solution before versions 5.4.2.4579v3, 5.4.1.4479 and 5.0.0.4143 may allow a privileged user to potentially enable denial of service via local access. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30339 |
CVE-2022-34849 | Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436(v2) may allow a privileged user to potentially enable denial of service via local access. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34849 |
CVE-2022-36794 | Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-36794 |
CVE-2022-33972 | Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-33972 |
CVE-2022-36382 | Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 1.7.0.8 and some Intel(R) Ethernet 700 Series Controllers and Adapters before version 9.101 may allow a privileged user to potentially enable denial of service via local access. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-36382 |
CVE-2022-38090 | Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-38090 |
CVE-2019-10365 | Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10365 |
CVE-2018-20826 | The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-20826 |
CVE-2022-3435 | A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3435 |
CVE-2022-38756 | A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-38756 |
CVE-2023-25766 | A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-25766 |
CVE-2022-36287 | Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36287 |
CVE-2022-48320 | Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allow an attacker to add new visual elements to multiple pages. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-48320 |
CVE-2023-0453 | The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0453 |
CVE-2023-22476 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There are no workarounds. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22476 |
CVE-2023-1029 | The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated attackers to regenerate Sitemaps via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1029 |
CVE-2023-1043 | A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221802 is the identifier assigned to this vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1043 |
CVE-2023-1068 | The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the read_more_excerpt_link_menu_options() function. This makes it possible for unauthenticated attackers to update he plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1068 |
CVE-2023-1024 | The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to generate sitemaps. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1024 |
CVE-2023-1026 | The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by category as long as those posts are published. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1026 |
CVE-2023-1027 | The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post categories. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1027 |
CVE-2023-1028 | The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1028 |
CVE-2023-23920 | An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges. | 4.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-23920 |
CVE-2022-26888 | Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access. | 4.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-26888 |
CVE-2022-35252 | When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-35252 |
CVE-2020-24588 | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-24588 |
CVE-2019-11884 | The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-11884 |
CVE-2019-0182 | Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-0182 |
CVE-2019-10343 | Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10343 |
CVE-2019-13512 | Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out-of-bounds read vulnerability, which may allow an attacker to read limited information from the device. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-13512 |
CVE-2019-10433 | Jenkins Dingding[??] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10433 |
CVE-2023-0481 | In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0481 |
CVE-2023-20932 | In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018 | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-20932 |
CVE-2022-30629 | Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. | 3.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-30629 |
CVE-2015-7559 | It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2015-7559 |
CVE-2023-27266 | Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-27266 |
CVE-2023-22771 | An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account | 2.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22771 |
CVE-2000-0963 | Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS. | – | https://nvd.nist.gov/vuln/detail/CVE-2000-0963 |
CVE-2002-0062 | Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." | – | https://nvd.nist.gov/vuln/detail/CVE-2002-0062 |
CVE-2002-1716 | The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability. | – | https://nvd.nist.gov/vuln/detail/CVE-2002-1716 |
CVE-2005-1796 | Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2005-1796 |
CVE-2007-5000 | Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2007-5000 |
CVE-2008-0539 | Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php in F5 BIG-IP Application Security Manager (ASM) 9.4.3 allows remote attackers to inject arbitrary web script or HTML via the report_type parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-0539 |
CVE-2009-1956 | Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input. | – | https://nvd.nist.gov/vuln/detail/CVE-2009-1956 |
CVE-2013-1463 | Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1808. If so, it is likely that CVE-2013-1463 will be REJECTed. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-1463 |
CVE-2015-2907 | Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-2907 |
CVE-2015-2908 | Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-2908 |
CVE-2023-27320 | Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27320 |
CVE-2023-1065 | This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. It does not expose the user of the integration to any direct security risk and no user data can be leaked. To exploit the vulnerability the attacker does not need to be authenticated to Snyk but does need to know the target's Integration ID (which may or may not be the same as the Organization ID, although this is an unpredictable UUID in either case). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1065 |
CVE-2022-23239 | Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-23239 |
CVE-2022-23240 | Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-23240 |
CVE-2023-25575 | API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the `security` option of the `ApiPlatform\\Metadata\\ApiProperty` attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON, which is enabled by default when installing API Platform. Custom serialization formats may also be impacted. Only collection endpoints are affected by the issue, item endpoints are not. The JSON-LD format is not affected by the issue. The result of the security rule is only executed for the first item of the collection. The result of the rule is then cached and reused for the next items. This bug can leak data to unauthorized users when the rule depends on the value of a property of the item. This bug can also hide properties that should be displayed to authorized users. This issue impacts the 2.7, 3.0 and 3.1 branches. Please upgrade to versions 2.7.10, 3.0.12 or 3.1.3. As a workaround, replace the `cache_key` of the context array of the Serializer inside a custom normalizer that works on objects if the security option of the `ApiPlatform\\Metadata\\ApiProperty` attribute is used. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25575 |
CVE-2023-0847 | The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulnerability that can lead to an out-of-bounds write prior to implementation version 0.5.0. If the protocol has been compiled using default settings, this will only grant the attacker access to allocated but unused memory. However, if it was configured using non-default settings, there is the possibility that exploiting this vulnerability could lead to system crashes and remote code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0847 |
CVE-2023-24045 | In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24045 |
CVE-2023-1105 | External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1105 |
CVE-2021-3855 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.This issue affects Liman MYS: from 1.7.0 before 1.8.3-462. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-3855 |
CVE-2021-4326 | A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-4326 |
CVE-2022-20952 | A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked. This vulnerability exists because malformed, encoded traffic is not properly detected. An attacker could exploit this vulnerability by connecting through an affected device to a malicious server and receiving malformed HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20952 |
CVE-2022-27672 | When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27672 |
CVE-2022-27677 | Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27677 |
CVE-2022-37935 | HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username and Password. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-37935 |
CVE-2022-37936 | Unauthenticated Java deserialization vulnerability in Serviceguard Manager | – | https://nvd.nist.gov/vuln/detail/CVE-2022-37936 |
CVE-2022-37937 | Pre-auth memory corruption in HPE Serviceguard | – | https://nvd.nist.gov/vuln/detail/CVE-2022-37937 |
CVE-2022-37938 | Unauthenticated server side request forgery in HPE Serviceguard Manager | – | https://nvd.nist.gov/vuln/detail/CVE-2022-37938 |
CVE-2023-0567 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0567 |
CVE-2023-0951 | Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0951 |
CVE-2023-0952 | Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0952 |
CVE-2023-0953 | Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0953 |
CVE-2023-20009 | A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and or authenticated local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a [[privilege of operator - validate actual name]]. The vulnerability is due to the processing of a specially crafted SNMP configuration file. An attacker could exploit this vulnerability by authenticating to the targeted device and uploading a specially crafted SNMP configuration file that when uploaded could allow for the execution of commands as root. An exploit could allow the attacker to gain root access on the device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20009 |
CVE-2023-20014 | A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a continuous stream of DNS requests to an affected device. A successful exploit could allow the attacker to cause the coredns service to stop working or cause the device to reload, resulting in a DoS condition. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20014 |
CVE-2023-20032 | On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"]. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20032 |
CVE-2023-20052 | On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20052 |
CVE-2023-20053 | A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20053 |
CVE-2023-20075 | Vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. These vulnerability is due to improper input validation in the CLI. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20075 |
CVE-2023-20085 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script in the context of the affected interface or access sensitive, browser-based information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20085 |
CVE-2023-22747 | There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22747 |
CVE-2023-22748 | There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22748 |
CVE-2023-22749 | There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22749 |
CVE-2023-22750 | There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22750 |
CVE-2023-22751 | There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22751 |
CVE-2023-22752 | There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22752 |
CVE-2023-22753 | There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22753 |
CVE-2023-22754 | There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22754 |
CVE-2023-22755 | There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22755 |
CVE-2023-22756 | There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22756 |
CVE-2023-22757 | There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22757 |
CVE-2023-22758 | Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22758 |
CVE-2023-22759 | Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22759 |
CVE-2023-22760 | Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22760 |
CVE-2023-22761 | Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22761 |
CVE-2023-22772 | An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22772 |
CVE-2023-22775 | A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22775 |
CVE-2023-22777 | An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22777 |
CVE-2023-22778 | A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22778 |
CVE-2023-26281 | IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26281 |
CVE-2023-1112 | A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument upload_name leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222072. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1112 |
CVE-2023-1113 | A vulnerability was found in SourceCodester Simple Payroll System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=admin of the component POST Parameter Handler. The manipulation of the argument fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222073 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1113 |
CVE-2021-4327 | A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is f6c6047e49f1517778f5565681fb64750b14bf60. It is recommended to apply a patch to fix this issue. VDB-222074 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-4327 |
CVE-2023-1064 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Uzay Baskul Weighbridge Automation Software allows SQL Injection.This issue affects Weighbridge Automation Software: before 1.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1064 |
CVE-2023-1114 | Improper Input Validation, Missing Authorization vulnerability in Eskom Bilgisayar e-Belediye allows Information Elicitation.This issue affects e-Belediye: from 1.0.0.95 before 1.0.0.100. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1114 |
CVE-2023-23973 | Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Contact Us Page – Contact People plugin <= 3.7.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23973 |
CVE-2023-23974 | Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23974 |
CVE-2023-23984 | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu plugin <= 3.0.1 leading to form deletion. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23984 |
CVE-2022-38468 | Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-38468 |
CVE-2022-40198 | Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech TeraWallet – For WooCommerce plugin <= 1.3.24 leading to plugin settings change. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-40198 |
CVE-2022-45068 | Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin <= 6.3.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45068 |
CVE-2022-45804 | Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 leading to galleries hierarchy change, included plugin deactivate & activate. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45804 |
CVE-2022-46797 | Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin <= 5.2.3 leads to plugin settings change. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46797 |
CVE-2022-46798 | Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.5.1 leading to plugin settings change. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46798 |
CVE-2022-46805 | Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 leading to activation/deactivation of plugin rulesets. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46805 |
CVE-2022-46806 | Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All In One For WooCommerce plugin <= 1.1.10 leading to cart modification. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46806 |
CVE-2022-47148 | Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup dismiss. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47148 |
CVE-2023-23315 | The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method `stripejsValidationModuleFrontController::initContent()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23315 |
CVE-2023-24567 | Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24567 |
CVE-2023-24751 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24751 |
CVE-2023-24752 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24752 |
CVE-2023-24754 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24754 |
CVE-2023-24755 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24755 |
CVE-2023-24756 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24756 |
CVE-2023-24757 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24757 |
CVE-2023-24758 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24758 |
CVE-2023-25221 | Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25221 |
CVE-2023-25222 | A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25222 |
CVE-2023-25544 | Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25544 |
CVE-2022-36021 | Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-36021 |
CVE-2022-45608 | An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is important to note that in order to accomplish this, the attacker must know the corresponding API's parameter (authority : value). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45608 |
CVE-2023-0507 | Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible due to map attributions weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include a map attribution containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0507 |
CVE-2023-0594 | Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this will be rendered when the span's attributes/resources are expanded. An attacker needs to have the Editor role in order to change the value of a trace view visualization to contain JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0594 |
CVE-2022-39228 | vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This issue has been fixed in version 3.8.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-39228 |
CVE-2023-0460 | The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main App’s ClassLoader. A potential vulnerability in the binding logic used by the client SDK where the SDK ends up calling bindService() on a malicious app rather than YT Main App. This creates a vulnerability where the SDK can load the malicious app’s ClassLoader instead, allowing the malicious app to load arbitrary code into the calling app whenever the embedded SDK is invoked. In order to trigger this vulnerability, an attacker must masquerade the Youtube app and install it on a device, have a second app that uses the Embedded player and typically distribute both to the victim outside of the Play Store. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0460 |
CVE-2022-3162 | Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3162 |
CVE-2022-3294 | Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3294 |
CVE-2022-48309 | A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48309 |
CVE-2022-48310 | An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48310 |
CVE-2022-4901 | Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4901 |
CVE-2023-1127 | Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1127 |
CVE-2023-23000 | In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23000 |
CVE-2023-25931 | Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updating could potentially result in unauthorized control of the clinician therapy application, which has greater control over therapy parameters than the patient app. Changes still cannot be made outside of the established therapy parameters of the programmer. For unauthorized access to occur, an individual would need physical access to the Smart Programmer. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25931 |
CVE-2023-1097 | Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1097 |
CVE-2023-1130 | A vulnerability, which was classified as critical, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file processlogin. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222105 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1130 |
CVE-2023-1131 | A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. This vulnerability affects unknown code of the file customer.php. The manipulation of the argument FIRST_NAME/LAST_NAME/PHONE_NUMBER leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222106 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1131 |
CVE-2023-23001 | In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23001 |
CVE-2023-23002 | In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23002 |
CVE-2023-23003 | In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23003 |
CVE-2023-23004 | In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23004 |
CVE-2023-23006 | In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23006 |
CVE-2023-22738 | vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organizations is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain their permissions and therefore might be able to access stuff they should not be allowed to access. This issue is patched in version 3.8.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22738 |
CVE-2020-5001 | IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-5001 |
CVE-2020-5026 | IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 193662. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-5026 |
CVE-2023-0053 | SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0053 |
CVE-2023-22462 | Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin "Text". The stored XSS vulnerability requires several user interactions in order to be fully exploited. The vulnerability was possible due to React's render cycle that will pass though the unsanitized HTML code, but in the next cycle the HTML is cleaned up and saved in Grafana's database. An attacker needs to have the Editor role in order to change a Text panel to include JavaScript. Another user needs to edit the same Text panel, and click on "Markdown" or "HTML" for the code to be executed. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. This issue has been patched in versions 9.2.10 and 9.3.4. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22462 |
CVE-2023-26046 | teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. The vulnerability exists due to teler-waf failure to properly sanitize and filter HTML entities in user input. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been fixed in version 0.1.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26046 |
CVE-2023-0196 | NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null- pointer dereference, which may result in a limited denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0196 |
CVE-2023-0228 | Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0228 |
CVE-2023-25155 | Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25155 |
CVE-2023-25806 | OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0, there are no workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25806 |
CVE-2023-26053 | Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a `trusted-key` or `pgp` element in their dependency verification metadata file. The fix is to fail dependency verification if anything but a fingerprint is used in a trust element in dependency verification metadata. The problem is fixed in Gradle 8.0 and above. The problem is also patched in Gradle 6.9.4 and 7.6.1. As a workaround, use only full fingerprint IDs for `trusted-key` or `pgp` element in the metadata is a protection against this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26053 |
CVE-2023-1149 | Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1149 |
CVE-2023-1151 | A vulnerability was found in SourceCodester Electronic Medical Records System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file administrator.php of the component Cookie Handler. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222163. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1151 |
CVE-2021-45477 | Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.This issue affects Library Automation System: before 19.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-45477 |
CVE-2021-45478 | Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.This issue affects Library Automation System: before 19.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-45478 |
CVE-2021-45479 | Improper Neutralization of Input During Web Page Generation vulnerability in Yordam Information Technologies Library Automation System allows Stored XSS.This issue affects Library Automation System: before 19.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-45479 |
CVE-2021-3854 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5.1.0.15. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-3854 |
CVE-2023-25358 | A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25358 |
CVE-2023-25360 | A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25360 |
CVE-2023-25361 | A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25361 |
CVE-2023-25362 | A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25362 |
CVE-2023-25363 | A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25363 |
CVE-2023-25536 | Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. A malicious authenticated local user could potentially exploit this vulnerability in certificate management, leading to a potential system takeover. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25536 |
CVE-2023-26780 | CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26780 |
CVE-2023-0085 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthenticated attackers to bypass Captcha restrictions and for attackers to utilize bots to submit forms. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0085 |
CVE-2022-38734 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to to a crash of the Local Distribution Router (LDR) service. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-38734 |
CVE-2023-1118 | A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1118 |
CVE-2023-1155 | The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nd_cc_meta_box_cc_price_icon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1155 |
CVE-2023-26477 | XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the `newThemeName` request parameter (URL parameter), in combination with additional parameters. This has been patched in the supported versions 13.10.10, 14.9-rc-1, and 14.4.6. As a workaround, it is possible to edit `FlamingoThemesCode.WebHomeSheet` and manually perform the changes from the patch fixing the issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26477 |
CVE-2023-26478 | XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, `org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment` returns an instance of `com.xpn.xwiki.doc.XWikiAttachment`. This class is not supported to be exposed to users without the `programing` right. `com.xpn.xwiki.api.Attachment` should be used instead and takes case of checking the user's rights before performing dangerous operations. This has been patched in versions 14.9-rc-1 and 14.4.6. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26478 |
CVE-2023-26479 | XWiki Platform is a generic wiki platform. Starting in version 6.0, users with write rights can insert well-formed content that is not handled well by the parser. As a consequence, some pages becomes unusable, including the user index (if the page containing the faulty content is a user page) and the page index. Note that on the page, the normal UI is completely missing and it is not possible to open the editor directly to revert the change as the stack overflow is already triggered while getting the title of the document. This means that it is quite difficult to remove this content once inserted. This has been patched in XWiki 13.10.10, 14.4.6, and 14.9-rc-1. A temporary workaround to avoid Stack Overflow errors is to increase the memory allocated to the stack by using the `-Xss` JVM parameter (e.g., `-Xss32m`). This should allow the parser to pass and to fix the faulty content. The consequences for other aspects of the system (e.g., performance) are unknown, and this workaround should be only be used as a temporary solution. The workaround does not prevent the issue occurring again with other content. Consequently, it is strongly advised to upgrade to a version where the issue has been patched. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26479 |
CVE-2023-26480 | XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26480 |
CVE-2021-4328 | A vulnerability has been found in ???CMS and classified as critical. Affected by this vulnerability is the function goods_detail of the file ApiController.class.php. The manipulation of the argument goods_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222223. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-4328 |
CVE-2023-0084 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, which is the submissions page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0084 |
CVE-2023-1156 | A vulnerability classified as problematic was found in SourceCodester Health Center Patient Record Management System 1.0. This vulnerability affects unknown code of the file admin/fecalysis_form.php. The manipulation of the argument itr_no leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222220. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1156 |
CVE-2023-1157 | A vulnerability, which was classified as problematic, was found in finixbit elf-parser. Affected is the function elf_parser::Elf_parser::get_segments of the file elf_parser.cpp. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-222222 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1157 |
CVE-2023-26051 | Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26051 |
CVE-2023-26052 | Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.0, 3.9.27, 3.10.14 and 3.11.12. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26052 |
CVE-2023-26055 | XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in all other places where short text properties are displayed, e.g., in apps created using Apps Within Minutes that use a short text field. The problem has been patched on versions 13.10.9, 14.4.4, 14.7RC1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26055 |
CVE-2023-26056 | XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26056 |
CVE-2023-26470 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number (e.g. 67108863). Most of the time this will fill the memory allocated to XWiki and make it unusable every time this document is manipulated. This issue has been patched in XWiki 14.0-rc-1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26470 |
CVE-2023-26471 | XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode (anything dangerous is disabled), but the async macro does not take into account the restricted mode. This means that any user with comment right can use the async macro to make it execute any wiki content with the right of superadmin. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10. The only known workaround consists of applying a patch and rebuilding and redeploying `org.xwiki.platform:xwiki-platform-rendering-async-macro`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26471 |
CVE-2023-26472 | XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for users not having edit right. The issue has been patched in XWiki 14.9, 14.4.6, and 13.10.10. An available workaround is to fix the bug in the page `IconThemesCode.IconThemeSheet` by applying a modification from commit 48caf7491595238af2b531026a614221d5d61f38. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26472 |
CVE-2023-26473 | XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26473 |
CVE-2023-26474 | XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26474 |
CVE-2023-26475 | XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. There is no easy workaround except to upgrade. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26475 |
CVE-2023-26476 | XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated call to `LiveTableResults` and `WikisLiveTableResultsMacros`. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version >= 3.2M3 by applying the patch manually on `LiveTableResults` and `WikisLiveTableResultsMacros`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26476 |
CVE-2022-35645 | IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230958. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-35645 |
CVE-2022-46501 | Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46501 |
CVE-2023-22381 | A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to control the value of environment variables for use with GitHub Actions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.8.0 and was fixed in versions 3.4.15, 3.5.12, 3.6.8, 3.7.5. This vulnerability was reported via the GitHub Bug Bounty program. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22381 |
CVE-2023-0656 | A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0656 |
CVE-2023-1101 | SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1101 |
CVE-2022-40633 | A malicious actor can clone access cards used to open control cabinets secured with Rittal CMC III locks. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-40633 |
CVE-2023-1160 | Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1160 |
CVE-2023-0457 | Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U(C) CPU modules all models all versions, FX5UJ CPU modules all models all versions, FX5S CPU modules all models all versions, FX5-ENET all versions and FX5-ENET/IP all versions allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0457 |
CVE-2023-27560 | Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27560 |
CVE-2023-0577 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS).This issue affects SOBIAD: before 23.02.01. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0577 |
CVE-2023-0578 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS).This issue affects Book Cites: before 23.01.05. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0578 |
CVE-2023-1162 | A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1225C of the file mainfunction.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222258 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1162 |
CVE-2023-1163 | A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and classified as problematic. Affected by this vulnerability is the function sub_1DA58 of the file mainfunction.cgi. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222259. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1163 |
CVE-2023-1164 | A vulnerability was found in KylinSoft kylin-activation and classified as critical. Affected by this issue is some unknown functionality of the component File Import. The manipulation leads to improper authorization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.11-23 and 1.30.10-5.p23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222260. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1164 |
CVE-2023-0957 | An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This can lead to the extraction of data from workspaces, to a full takeover of the workspace. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0957 |
CVE-2023-1165 | A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-222261 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1165 |
CVE-2022-45551 | An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45551 |
CVE-2022-45552 | An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45552 |
CVE-2022-45553 | An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker to execute arbitrary commands via serial connection to the UART port. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45553 |
CVE-2022-45988 | starsoftcomm CooCare 5.304 allows local attackers to escalate privileges and execute arbitrary commands via a crafted file upload. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45988 |
CVE-2022-47664 | Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47664 |
CVE-2022-47665 | Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47665 |
CVE-2022-2835 | A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of <service>.<namespace>.svc. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2835 |
CVE-2022-2837 | A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2837 |
CVE-2022-41862 | In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41862 |
CVE-2022-4645 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4645 |
CVE-2023-20061 | Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20061 |
CVE-2023-20062 | Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20062 |
CVE-2023-20069 | A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20069 |
CVE-2023-20078 | Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20078 |
CVE-2023-20079 | Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20079 |
CVE-2023-20088 | A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer. This vulnerability is due to improper IP address filtering by the reverse proxy. An attacker could exploit this vulnerability by sending a series of unauthenticated requests to the reverse proxy. A successful exploit could allow the attacker to cause all current traffic and subsequent requests to the reverse proxy through a load balancer to be dropped, resulting in a DoS condition. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20088 |
CVE-2023-20104 | A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending an arbitrary file to a user and persuading that user to browse to a specific URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20104 |
CVE-2023-26604 | systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26604 |
CVE-2023-24641 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24641 |
CVE-2023-24642 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24642 |
CVE-2023-24643 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24643 |
CVE-2023-27561 | runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27561 |
CVE-2023-27566 | Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a crafted Section Offset Table or Count Info Table in an MOC3 file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27566 |
CVE-2022-46973 | Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46973 |
CVE-2023-0968 | The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0968 |
CVE-2023-23313 | Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23313 |
CVE-2023-23927 | Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23927 |
CVE-2023-26213 | On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26213 |
CVE-2023-26488 | OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the balance as reported by `balanceOf`. The issue exclusively presents with batches of size 1. The issue has been patched in 4.8.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26488 |
CVE-2023-26492 | Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the security controls by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan. An attacker can exploit this vulnerability to access highly sensitive internal server(s) and steal sensitive information. This issue was fixed in version 9.23.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26492 |
CVE-2023-27567 | In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27567 |
CVE-2023-27574 | ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27574 |
CVE-2023-1170 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1170 |
CVE-2023-25402 | CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25402 |
CVE-2023-25403 | CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A token can be forged with his username to bypass authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25403 |
CVE-2023-26047 | teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been patched in version 0.2.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26047 |
CVE-2023-26483 | gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a `deflate`-compressed request which will consume significantly more memory during processing than the size of the original request. This may eventually lead to memory exhaustion and the process being killed. The maximum compression ratio achievable with `deflate` is 1032:1, so by limiting the size of bodies passed to gosaml2, limiting the rate and concurrency of calls, and ensuring that lots of memory is available to the process it _may_ be possible to help Go's garbage collector "keep up". Implementors are encouraged not to rely on this. This issue is fixed in version 0.9.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26483 |
CVE-2023-26491 | RSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructed URL are affected. This vulnerability was fixed in version c910c4d28717fb860fbe064736641f379fab2c91. Please upgrade to this or a later version, there are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26491 |
CVE-2023-26779 | CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26779 |
CVE-2023-27290 | Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27290 |
CVE-2021-36689 | An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this situation. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-36689 |
CVE-2023-23929 | vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23929 |
CVE-2023-26486 | Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argument group to getScale, which is then used as if it were an internal context. The context.scales[name].value is accessed from group and called as a function back in scale. This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. This issue has been fixed in version 5.13.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26486 |
CVE-2023-26487 | Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.`lassoAppend' function accepts 3 arguments and internally invokes `push` function on the 1st argument specifying array consisting of 2nd and 3rd arguments as `push` call argument. The type of the 1st argument is supposed to be an array, but it's not enforced. This makes it possible to specify any object with a `push` function as the 1st argument, `push` function can be set to any function that can be access via `event.view` (no all such functions can be exploited due to invalid context or signature, but some can, e.g. `console.log`). The issue is that`lassoAppend` doesn't enforce proper types of its arguments. This issue opens various XSS vectors, but exact impact and severity depends on the environment (e.g. Core JS `setImmediate` polyfill basically allows `eval`-like functionality). This issue was patched in 5.23.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26487 |
CVE-2023-26490 | mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to obtain shell access to the Docker container running dovecot. The imapsync Perl script implements all the necessary functionality for this feature, including the XOAUTH2 authentication mechanism. This code path creates a shell command to call openssl. However, since different parts of the specified user password are included without any validation, one can simply execute additional shell commands. Notably, the default ACL for a newly-created mailcow account does not include the necessary permission. The Issue has been fixed within the 2023-03 Update (March 3rd 2023). As a temporary workaround the Syncjob ACL can be removed from all mailbox users, preventing from creating or changing existing Syncjobs. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26490 |
CVE-2023-25819 | Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the `tests-passed` or `beta` branches >= 3.1.0.beta2. The issue is patched in the latest `beta` and `tests-passed` version of Discourse. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25819 |
CVE-2023-26481 | authentik is an open-source Identity Provider. Due to an insufficient access check, a recovery flow link that is created by an admin (or sent via email by an admin) can be used to set the password for any arbitrary user. This attack is only possible if a recovery flow exists, which has both an Identification and an Email stage bound to it. If the flow has policies on the identification stage to skip it when the flow is restored (by checking `request.context['is_restored']`), the flow is not affected by this. With this flow in place, an administrator must create a recovery Link or send a recovery URL to the attacker, who can, due to the improper validation of the token create, set the password for any account. Regardless, for custom recovery flows it is recommended to add a policy that checks if the flow is restored, and skips the identification stage. This issue has been fixed in versions 2023.2.3, 2023.1.3 and 2022.12.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26481 |
CVE-2020-36663 | A vulnerability, which was classified as problematic, was found in Artesãos SEOTools up to 0.17.1. This affects the function makeTag of the file OpenGraph.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222231. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36663 |
CVE-2023-1175 | Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1175 |
CVE-2020-36664 | A vulnerability has been found in Artesãos SEOTools up to 0.17.1 and classified as problematic. This vulnerability affects the function setTitle of the file SEOMeta.php. The manipulation of the argument title leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222232. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36664 |
CVE-2020-36665 | A vulnerability was found in Artesãos SEOTools up to 0.17.1 and classified as critical. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier VDB-222233 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36665 |
CVE-2014-125090 | A vulnerability was found in Media Downloader Plugin 0.1.992. It has been declared as problematic. This vulnerability affects the function dl_file_resumable of the file getfile.php. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.1.993 is able to address this issue. The name of the patch is 77beb720c682b9300035ab5f96eee225181d8a92. It is recommended to upgrade the affected component. VDB-222262 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-125090 |
CVE-2014-125091 | A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222268. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-125091 |
CVE-2008-10002 | A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The name of the patch is 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-10002 |
CVE-2008-10003 | A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch the attack remotely. The name of the patch is 6e57683704885be32eea2ea614f80c9bb8f012c5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222288. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-10003 |
CVE-2015-10088 | A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The name of the patch is 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-10088 |
CVE-2023-1179 | A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add Supplier Handler. The manipulation of the argument company_name/province/city/phone_number leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222330 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1179 |
CVE-2023-1180 | A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file hematology_print.php. The manipulation of the argument hem_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222331. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1180 |
CVE-2015-10089 | A vulnerability classified as problematic has been found in flame.js. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is e6c49b5f6179e31a534b7c3264e1d36aa99728ac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222291. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-10089 |
CVE-2023-1181 | Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyimages2.0 prior to 2.6.7. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1181 |
CVE-2021-4329 | A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227. It is recommended to upgrade the affected component. VDB-222266 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-4329 |
CVE-2022-4927 | A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be initiated remotely. Upgrading to version 1.0.71 is able to address this issue. The name of the patch is abe9f57123e0c278ae190cd7402a623d66c51375. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4927 |
CVE-2006-10001 | A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 9683bdf462fcac2f32b33be98f0b96497fbd1bb6. It is recommended to upgrade the affected component. The identifier VDB-222321 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2006-10001 |
CVE-2014-125092 | A vulnerability was found in MaxButtons Plugin up to 1.26.0 and classified as problematic. This issue affects the function maxbuttons_strip_px of the file includes/maxbuttons-button.php. The manipulation of the argument button_id leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.26.1 is able to address this issue. The name of the patch is e74564c9e3b7429808e317f4916bd1c26ef0b806. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222323. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-125092 |
CVE-2023-0734 | Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0734 |
CVE-2023-26510 | Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26510 |
CVE-2023-27635 | debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file. (The path is shown to the user before execution.) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27635 |
CVE-2023-27641 | The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27641 |
CVE-2015-10090 | A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to address this issue. The name of the patch is c8e22c1340c11fedfb0a0a67ea690421bdb62b94. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222320. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-10090 |
CVE-2023-22335 | Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an arbitrary file of the directory where the product runs. As a result of exploiting this vulnerability with CVE-2023-22336 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22335 |
CVE-2023-22336 | Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22336 |
CVE-2023-22344 | Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22336 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22344 |
CVE-2023-22419 | Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. When processing a comment block in stage information, the end of data cannot be verified and out-of-bounds read occurs. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22419 |
CVE-2023-22421 | Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. The insufficient buffer size for the PLC program instructions leads to out-of-bounds read. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22421 |
CVE-2023-22424 | Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22424 |
CVE-2023-22432 | Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22432 |
CVE-2023-22438 | Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22438 |
CVE-2023-22838 | Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22838 |
CVE-2023-25077 | Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25077 |
CVE-2022-4928 | A vulnerability was found in icplayer up to 0.819. It has been declared as problematic. Affected by this vulnerability is the function AddonText_Selection_create of the file addons/Text_Selection/src/presenter.js. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.820 is able to address this issue. The name of the patch is 2223628e6db1df73f6d633d2c0422d995990f0a3. It is recommended to upgrade the affected component. The identifier VDB-222289 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4928 |
CVE-2022-4929 | A vulnerability was found in icplayer up to 0.818. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addons/Commons/src/tts-utils.js. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.819 is able to address this issue. The name of the patch is fa785969f213c76384f1fe67d47b17d57fcc60c8. It is recommended to upgrade the affected component. VDB-222290 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4929 |
CVE-2015-10091 | A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-10091 |
CVE-2022-44875 | KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-44875 |
CVE-2023-26106 | All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26106 |
CVE-2023-26107 | All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26107 |
CVE-2023-26108 | Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26108 |
CVE-2023-26111 | All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26111 |
CVE-2015-10092 | A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16. It has been classified as problematic. Affected is the function add_slug_meta_box of the file includes/class-qtranslate-slug.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.1.17 is able to address this issue. The name of the patch is 74b3932696f9868e14563e51b7d0bb68c53bf5e4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222324. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-10092 |
CVE-2015-10093 | A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-10093 |
CVE-2023-22856 | A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22856 |
CVE-2023-22857 | A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22857 |
CVE-2023-22858 | An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22858 |
CVE-2023-0839 | Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before 20230115-1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0839 |
CVE-2023-1184 | A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. Affected by this issue is some unknown functionality of the file admin/database.php of the component Backup Database Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222356. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1184 |
CVE-2023-1185 | A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222357 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1185 |
CVE-2023-1186 | A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This vulnerability affects unknown code in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-222358 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1186 |
CVE-2023-1187 | A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This issue affects some unknown processing in the library ftwebcam.sys of the component Global Variable Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222359. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1187 |
CVE-2023-1188 | A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42. It has been classified as problematic. Affected is an unknown function in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222360. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1188 |
CVE-2023-1189 | A vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library WiseFs64.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-222361 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1189 |
CVE-2023-1190 | A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file imageinfo.hpp. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-222362 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1190 |
CVE-2023-1191 | A vulnerability classified as problematic has been found in fastcms. This affects an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222363. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1191 |
CVE-2017-20180 | A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the function CoinSpend::CoinSpend of the file CoinSpend.cpp of the component Proof Handler. The manipulation leads to insufficient verification of data authenticity. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is ce103a09ec079d0a0ed95475992348bed6e860de. It is recommended to apply a patch to fix this issue. VDB-222318 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20180 |
CVE-2022-3284 | Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3284 |
CVE-2022-4862 | Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4862 |
CVE-2022-2178 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saysis Computer Starcities. This issue affects Starcities: before 1.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2178 |
CVE-2022-46395 | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46395 |
CVE-2022-48364 | The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48364 |
CVE-2022-4265 | The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object Injection attacks. The attack could also be done via a CSRF vector against any authenticated user | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4265 |
CVE-2022-4328 | The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4328 |
CVE-2023-0063 | The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0063 |
CVE-2023-0064 | The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0064 |
CVE-2023-0065 | The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0065 |
CVE-2023-0068 | The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0068 |
CVE-2023-0069 | The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0069 |
CVE-2023-0076 | The Download Attachments WordPress plugin through 1.2.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0076 |
CVE-2023-0078 | The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0078 |
CVE-2023-0165 | The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0165 |
CVE-2023-0212 | The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0212 |
CVE-2023-0328 | The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0328 |
CVE-2023-0377 | The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0377 |
CVE-2015-10094 | A vulnerability was found in Fastly Plugin up to 0.97. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The name of the patch is d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-10094 |
CVE-2023-0979 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData Informatics MedDataPACS.This issue affects MedDataPACS : before 2023-03-03. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0979 |
CVE-2022-4930 | A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.5 is able to address this issue. The name of the patch is 4da4d031732ecca67519851fd0c34597dbb8ee55. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222319. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4930 |
CVE-2023-1197 | Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1197 |
CVE-2023-1200 | A vulnerability was found in ehuacui bbs. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-222388. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1200 |
CVE-2023-24789 | jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24789 |
CVE-2023-25304 | Prism Launcher <= 6.1 is vulnerable to Directory Traversal. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25304 |
CVE-2023-27474 | Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users urls to the servers domain but which may contain malicious code. The problem has been resolved and released under version 9.23.0. People relying on a custom password reset URL should upgrade to 9.23.0 or later, or remove the custom reset url from the configured allow list. Users are advised to upgrade. Users unable to upgrade may disable the custom reset URL allow list as a workaround. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27474 |
CVE-2023-22481 | FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear in `users/_/log_api.txt` in the case where the authentication fails. The issues occurs in `authorizationToUser()` in `greader.php`. If there is an issue with the request or the credentials, `unauthorized()` or `badRequest()` is called. Both these functions are printing the return of `debugInfo()` in the logs. `debugInfo()` will return the content of the request. By default, this will be saved in `users/_/log_api.txt` and if the const `COPY_LOG_TO_SYSLOG` is true, in syslogs as well. Exploiting this issue requires having access to logs produced by FreshRSS. Using the information from the logs, a malicious individual could get users' API keys (would be displayed if the users fills in a bad username) or passwords. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22481 |
CVE-2023-25169 | discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit `b3ab33bbf7` which is included in the latest version of the Discourse Yearly Review plugin. Users are advised to upgrade. Users unable to upgrade may disable the `yearly_review_enabled` setting to fully mitigate the issue. Also, it's possible to edit the anonymised user's old data in the yearly review topics manually. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25169 |
CVE-2023-23939 | Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This Kubectl tool installer runs `fs.chmodSync(kubectlPath, 777)` to set permissions on the Kubectl binary, however, this allows any local user to replace the Kubectl binary. This allows privilege escalation to the user that can also run kubectl, most likely root. This attack is only possible if an attacker somehow breached the GitHub actions runner or if a user is utilizing an Action that maliciously executes this attack. This has been fixed and released in all versions `v3` and later. 775 permissions are used instead. Users are advised to upgrade. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23939 |
CVE-2023-26054 | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1) Invoking build directly from a URL with credentials. 2) If the client sends additional version control system (VCS) info hint parameters on builds from a local source. Usually, that would mean reading the origin URL from `.git/config` file. When a build is performed under specific conditions where credentials were passed to BuildKit they may be visible to everyone who has access to provenance attestation. Provenance attestations and VCS info hints were added in version v0.11.0. Previous versions are not vulnerable. In v0.10, when building directly from Git URL, the same URL could be visible in `BuildInfo` structure that is a predecessor of Provenance attestations. Previous versions are not vulnerable. This bug has been fixed in v0.11.4. Users are advised to upgrade. Users unable to upgrade may disable VCS info hints by setting `BUILDX_GIT_INFO=0`. `buildctl` does not set VCS hints based on `.git` directory, and values would need to be passed manually with `--opt`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26054 |
CVE-2023-27472 | quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised (XSS vulnerability). Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag in any entity name. This issue has been patched in version 1.28.1 of the application. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27472 |
CVE-2021-35377 | Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-35377 |
CVE-2023-24763 | In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24763 |
CVE-2023-24776 | Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \\controller\\Addon.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24776 |
CVE-2023-26600 | ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26600 |
CVE-2015-10095 | A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is 7c76ac78f3e16015991b612ff4fa616af4ce9292. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222327. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-10095 |
CVE-2021-36392 | In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-36392 |
CVE-2021-36393 | In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-36393 |
CVE-2021-36394 | In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-36394 |
CVE-2021-36395 | In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-36395 |
CVE-2021-36396 | In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-36396 |
CVE-2023-0093 | Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0093 |
CVE-2023-1161 | ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1161 |
CVE-2023-24733 | PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24733 |
CVE-2023-24734 | An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24734 |
CVE-2023-24735 | PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24735 |
CVE-2023-24736 | PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24736 |
CVE-2023-24737 | PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24737 |
CVE-2023-26949 | An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26949 |
CVE-2021-36397 | In Moodle, insufficient capability checks meant message deletions were not limited to the current user. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-36397 |
CVE-2021-36398 | In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-36398 |
CVE-2021-36399 | In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-36399 |
CVE-2021-36400 | In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-36400 |
CVE-2021-36401 | In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-36401 |
CVE-2021-36713 | Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie. NOTE: 1.9.2 is a version from 2012. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-36713 |
CVE-2022-42248 | QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-42248 |
CVE-2023-24217 | AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24217 |
CVE-2023-26601 | Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26601 |
CVE-2008-10004 | A vulnerability was found in Email Registration 5.x-2.1. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The name of the patch is 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-10004 |
CVE-2019-8720 | A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. | – | https://nvd.nist.gov/vuln/detail/CVE-2019-8720 |
CVE-2021-20251 | A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-20251 |
CVE-2021-36402 | In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-36402 |
CVE-2021-36403 | In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-36403 |
CVE-2022-3277 | An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3277 |
CVE-2022-3424 | A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3424 |
CVE-2022-3707 | A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3707 |
CVE-2022-3854 | A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3854 |
CVE-2022-3857 | A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3857 |
CVE-2022-45141 | Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45141 |
CVE-2022-45142 | The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45142 |
CVE-2022-4134 | A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4134 |
CVE-2022-4904 | A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4904 |
CVE-2023-0330 | A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0330 |
CVE-2023-27891 | rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27891 |
CVE-2017-20181 | A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20181 |
CVE-2023-1211 | SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1211 |
CVE-2023-1212 | Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1212 |
CVE-2023-22847 | Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22847 |
CVE-2023-23554 | Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23554 |
CVE-2023-1237 | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1237 |
CVE-2023-1238 | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1238 |
CVE-2023-1239 | Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1239 |
CVE-2023-1240 | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1240 |
CVE-2023-1241 | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1241 |
CVE-2023-1242 | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1242 |
CVE-2023-1243 | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1243 |
CVE-2023-1244 | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1244 |
CVE-2023-1245 | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1245 |
CVE-2022-3760 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med.This issue affects Mia-Med: before 1.0.0.58. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3760 |
CVE-2023-1247 | Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 11.0.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1247 |
CVE-2023-26954 | onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Group module. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26954 |
CVE-2023-26955 | onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Admin Group module. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26955 |
CVE-2020-36667 | The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change to location of back-ups and potentially steal sensitive information from them. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36667 |
CVE-2020-36668 | The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. This makes it possible for subscriber-level attackers, and above, to invoke the function and obtain database table information. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36668 |
CVE-2020-36669 | The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36669 |
CVE-2021-44196 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-44196 |
CVE-2021-44197 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-44197 |
CVE-2021-4330 | The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-lever permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit – Import and versions up to and including 2.0.10 of Envato Elements & Download. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-4330 |
CVE-2021-4331 | The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can choose which role to set as the default for users upon registration. This field is not hidden for lower-level users so any user with access to the Elementor page builder, such as contributors, can set the default role to administrator. Since contributors can not publish posts, only author+ users can elevate privileges without interaction via a site administrator (to approve a post). | – | https://nvd.nist.gov/vuln/detail/CVE-2021-4331 |
CVE-2021-4332 | The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the plugin used file_get_contents with no verification that the file being supplied was an SVG file, so any user with access to the Elementor page builder, such as contributors, could read arbitrary files on the WordPress installation. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-4332 |
CVE-2021-4333 | The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-4333 |
CVE-2022-4931 | The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4931 |
CVE-2022-4932 | The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4932 |
CVE-2023-1253 | A vulnerability, which was classified as critical, was found in SourceCodester Health Center Patient Record Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222483. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1253 |
CVE-2023-1254 | A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file birthing_print.php. The manipulation of the argument birth_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222484. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1254 |
CVE-2023-24781 | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \\member\\MemberLevel.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24781 |
CVE-2023-26953 | onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26953 |
CVE-2020-36670 | The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36670 |
CVE-2023-25690 | Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25690 |
CVE-2023-27522 | HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27522 |
CVE-2022-22297 | An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22297 |
CVE-2022-27490 | A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27490 |
CVE-2022-39951 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-39951 |
CVE-2022-39953 | A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-39953 |
CVE-2022-40676 | A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-40676 |
CVE-2022-41328 | A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41328 |
CVE-2022-41329 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attackers to obtain sensitive logging informations on the device via crafted HTTP GET requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41329 |
CVE-2022-41333 | An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41333 |
CVE-2022-42476 | A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-42476 |
CVE-2022-45861 | An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45861 |
CVE-2022-46257 | An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploit this vulnerability, an attacker would need access to the GHES instance, permissions to modify GitHub Actions runner groups, and successfully guess the obfuscated ID of private repositories. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46257 |
CVE-2023-1257 | An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1257 |
CVE-2023-23776 | An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23776 |
CVE-2023-25223 | CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25223 |
CVE-2023-25230 | loonflow r2.0.14 is vulnerable to server-side request forgery (SSRF). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25230 |
CVE-2023-25605 | A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25605 |
CVE-2023-25611 | A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25611 |
CVE-2023-24775 | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \\member\\Member.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24775 |
CVE-2023-27475 | Goutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version 0.6.0, users are advised to upgrade. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27475 |
CVE-2023-27478 | libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key, if that previous request timed out due to a low `POLL_TIMEOUT`. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to workaround or lower the probability of this bug affecting a given deployment. 1: use a reasonably high `POLL_TIMEOUT` setting, like the default. 2: use separate libmemcached connections for unrelated data. 3: do not re-use libmemcached connections in an unknown state. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27478 |
CVE-2023-27479 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of UIX parameters. A proof of concept exploit is to log in, add an `XWiki.UIExtensionClass` xobject to the user profile page, with an Extension Parameters content containing `label={{/html}} {{async async="true" cached="false" context="doc.reference"}}{{groovy}}println("Hello " + "from groovy!"){{/groovy}}{{/async}}`. Then, navigating to `PanelsCode.ApplicationsPanelConfigurationSheet` (i.e., `<xwiki-host>/xwiki/bin/view/PanelsCode/ApplicationsPanelConfigurationSheet` where `<xwiki-host>` is the URL of your XWiki installation) should not execute the Groovy script. If it does, you will see `Hello from groovy!` displayed on the screen. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. For users unable to upgrade the issue can be fixed by editing the `PanelsCode.ApplicationsPanelConfigurationSheet` wiki page and making the same modifications as shown in commit `6de5442f3c`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27479 |
CVE-2023-27480 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. Users unable to upgrade may apply the patch `e3527b98fd` manually. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27480 |
CVE-2023-27481 | Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0 users with read access to the `password` field in `directus_users` can extract the argon2 password hashes by brute forcing the export functionality combined with a `_starts_with` filter. This allows the user to enumerate the password hashes. Accounts cannot be taken over unless the hashes can be reversed which is unlikely with current hardware. This problem has been patched by preventing any hashed/concealed field to be filtered against with the `_starts_with` or other string operator in version 9.16.0. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by ensuring that no user has `read` access to the `password` field in `directus_users`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27481 |
CVE-2023-27485 | thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying `subresults`, it is possible to query `subresults` from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresults with a specific user. This bug was fixed in commit `f1ae67d8bb2`and released with version 1.5.3. Users are advised to upgrade. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27485 |
CVE-2023-1003 | A vulnerability, which was classified as critical, was found in Typora up to 1.5.5. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1003 |
CVE-2023-20620 | In adsp, there is a possible escalation of privilege due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07554558; Issue ID: ALPS07554558. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20620 |
CVE-2023-20621 | In tinysys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664755; Issue ID: ALPS07664755. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20621 |
CVE-2023-20623 | In ion, there is a possible escalation of privilege due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559778; Issue ID: ALPS07559778. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20623 |
CVE-2023-20624 | In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628530; Issue ID: ALPS07628530. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20624 |
CVE-2023-20625 | In adsp, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628532; Issue ID: ALPS07628532. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20625 |
CVE-2023-20626 | In msdc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405223; Issue ID: ALPS07405223. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20626 |
CVE-2023-20627 | In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629585. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20627 |
CVE-2023-20628 | In thermal, there is a possible memory corruption due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494460; Issue ID: ALPS07494460. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20628 |
CVE-2023-20630 | In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628505; Issue ID: ALPS07628505. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20630 |
CVE-2023-20632 | In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628506; Issue ID: ALPS07628506. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20632 |
CVE-2023-20633 | In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628508; Issue ID: ALPS07628508. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20633 |
CVE-2023-20634 | In widevine, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07635697; Issue ID: ALPS07635697. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20634 |
CVE-2023-20635 | In keyinstall, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07563028. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20635 |
CVE-2023-20636 | In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292593; Issue ID: ALPS07292593. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20636 |
CVE-2023-20637 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628588; Issue ID: ALPS07628588. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20637 |
CVE-2023-20638 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628537; Issue ID: ALPS07628537. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20638 |
CVE-2023-20639 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628587; Issue ID: ALPS07628587. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20639 |
CVE-2023-20640 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629573; Issue ID: ALPS07629573. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20640 |
CVE-2023-20641 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629574; Issue ID: ALPS07629574. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20641 |
CVE-2023-20642 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628586; Issue ID: ALPS07628586. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20642 |
CVE-2023-20643 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628584; Issue ID: ALPS07628584. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20643 |
CVE-2023-20644 | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628603; Issue ID: ALPS07628603. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20644 |
CVE-2023-20645 | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628609; Issue ID: ALPS07628609. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20645 |
CVE-2023-20646 | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628536; Issue ID: ALPS07628536. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20646 |
CVE-2023-20647 | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628547; Issue ID: ALPS07628547. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20647 |
CVE-2023-20648 | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628612; Issue ID: ALPS07628612. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20648 |
CVE-2023-20649 | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628607; Issue ID: ALPS07628607. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20649 |
CVE-2023-20650 | In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629577; Issue ID: ALPS07629577. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20650 |
CVE-2023-20651 | In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629576; Issue ID: ALPS07629576. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20651 |
CVE-2021-23185 | This candidate was in a CNA pool that was not assigned to any issues during 2021. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-23185 |
CVE-2021-23199 | This candidate was in a CNA pool that was not assigned to any issues during 2021. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-23199 |
CVE-2021-23212 | This candidate was in a CNA pool that was not assigned to any issues during 2021. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-23212 |
CVE-2023-1213 | Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1213 |
CVE-2023-1214 | Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1214 |
CVE-2023-1215 | Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1215 |
CVE-2023-1216 | Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convienced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1216 |
CVE-2023-1217 | Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1217 |
CVE-2023-1218 | Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1218 |
CVE-2023-1219 | Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1219 |
CVE-2023-1220 | Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1220 |
CVE-2023-1221 | Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1221 |
CVE-2023-1222 | Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1222 |
CVE-2023-1223 | Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1223 |
CVE-2023-1224 | Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1224 |
CVE-2023-1225 | Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1225 |
CVE-2023-1226 | Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1226 |
CVE-2023-1227 | Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1227 |
CVE-2023-1228 | Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1228 |
CVE-2023-1229 | Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1229 |
CVE-2023-1230 | Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1230 |
CVE-2023-1231 | Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1231 |
CVE-2023-1232 | Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1232 |
CVE-2023-1233 | Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1233 |
CVE-2023-1234 | Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1234 |
CVE-2023-1235 | Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1235 |
CVE-2023-1236 | Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1236 |
CVE-2023-1263 | The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even when maintenance mode is enabled. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1263 |
CVE-2023-1264 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1264 |
CVE-2023-26823 | An arbitrary file upload vulnerability in the /admin/template.php component of shopEx EcShop v4.1.5 allows attackers to execute arbitrary code via a crafted PHP file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26823 |