Security Bulletin 12 Apr 2023

Published on 12 Apr 2023

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:


Criticalvulnerabilities with a base score of 9.0 to 10.0
Highvulnerabilities with a base score of 7.0 to 8.9
Mediumvulnerabilities with a base score of 4.0 to 6.9
Lowvulnerabilities with a base score of 0.1 to 3.9
Nonevulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2021-40358A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations on the web server of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files.9.9https://nvd.nist.gov/vuln/detail/CVE-2021-40358
CVE-2016-6813Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources.9.8https://nvd.nist.gov/vuln/detail/CVE-2016-6813
CVE-2018-14054A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-14054
CVE-2018-14403MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. The resulting type confusion can cause out-of-bounds memory access.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-14403
CVE-2021-34481Windows Print Spooler Elevation of Privilege Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2021-34481
CVE-2022-28368Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).9.8https://nvd.nist.gov/vuln/detail/CVE-2022-28368
CVE-2022-22978In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22978
CVE-2022-25765The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25765
CVE-2022-34718Windows TCP/IP Remote Code Execution Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34718
CVE-2022-34721Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34721
CVE-2022-34722Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34722
CVE-2022-44930D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44930
CVE-2022-41639A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-41639
CVE-2022-41794A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-41794
CVE-2022-41837An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-41837
CVE-2022-41838A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-41838
CVE-2022-44877login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44877
CVE-2023-0744Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-0744
CVE-2023-0777Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-0777
CVE-2023-22855Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-22855
CVE-2022-40347SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-40347
CVE-2022-40032SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-40032
CVE-2022-47986\nIBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2022-47986
CVE-2023-24812Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag (notes/search-by-tag). This has been fixed in version 13.3.3. Users are advised to upgrade. Users unable to upgrade should block access to the `api/notes/search-by-tag` endpoint.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-24812
CVE-2023-28343OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28343
CVE-2023-28531ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28531
CVE-2023-1529Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1529
CVE-2023-27100Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-27100
CVE-2022-46387ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-46387
CVE-2023-1674A vulnerability was found in SourceCodester School Registration and Fee System 1.0 and classified as critical. This issue affects some unknown processing of the file /bilal final/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224231.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1674
CVE-2023-1675A vulnerability was found in SourceCodester School Registration and Fee System 1.0. It has been classified as critical. Affected is an unknown function of the file /bilal final/edit_stud.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224232.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1675
CVE-2023-27394Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-27394
CVE-2023-27886Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP POST parameter called by index.php script.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-27886
CVE-2023-28398Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. A threat actor could exploit this vulnerability to create a user account without providing valid credentials. A threat actor who successfully exploits this vulnerability could gain access to the pump controller and cause disruption in operation, modify data, or shut down the controller.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28398
CVE-2023-28631comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with `parse_document`. This AST can then be converted to HTML via `html::format_document_with_plugins`. However, the HTML formatting code assumes that the AST is well-formed. For example, many AST notes contain `[u8]` fields which the formatting code assumes is valid UTF-8 data. Several bugs can be triggered if this is not the case. Version 0.17.0 contains adjustments to the AST, storing strings instead of unvalidated byte arrays. Users are advised to upgrade. Users unable to upgrade may manually validate UTF-8 correctness of all data when assigning to `&[u8]` and `Vec<u8>` fields in the AST. This issue is also tracked as `GHSL-2023-049`.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28631
CVE-2023-28654Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through any normal operation of the device.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28654
CVE-2023-28712Osprey Pump Controller version 1.01 contains an unauthenticated command injection vulnerability that could allow system access with www-data permissions.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28712
CVE-2022-45460Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow an unauthenticated and remote user to exploit a stack-based buffer overflow and crash the web server, resulting in a system reboot. An unauthenticated and remote attacker can execute arbitrary code by sending a crafted HTTP request that triggers the overflow condition via a long URI passed to a sprintf call. NOTE: this is different than CVE-2018-10088, but this may overlap CVE-2017-16725.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-45460
CVE-2023-1684A vulnerability was found in HadSky 7.7.16. It has been classified as problematic. This affects an unknown part of the file upload/index.php?c=app&a=superadmin:index. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224241 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1684
CVE-2023-26968In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyphicon-paperclip function is vulnerable to Unauthenticated File upload.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26968
CVE-2022-2825This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX V6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-2825
CVE-2022-36972This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15328.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36972
CVE-2022-36974This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Web File Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15330.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36974
CVE-2022-36975This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15332.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36975
CVE-2022-36976This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15333.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36976
CVE-2022-36977This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Certificate Management Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15449.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36977
CVE-2022-36978This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Notification Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15448.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36978
CVE-2022-36979This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AvalancheDaoSupport class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15493.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36979
CVE-2022-36981This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DeviceLogResource class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15966.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36981
CVE-2022-36983This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.3.101. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetSettings class. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15919.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36983
CVE-2022-43634This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-43634
CVE-2023-28501Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based buffer overflow in the unirpcd daemon that, if successfully exploited, can lead to remote code execution as the root user.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28501
CVE-2023-28502Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow in the "udadmin" service that can lead to remote code execution as the root user.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28502
CVE-2023-28503Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28503
CVE-2023-28504Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow that can lead to remote code execution as the root user.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28504
CVE-2023-28507Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustion issue, where a decompression routine will allocate increasing amounts of memory until all system memory is exhausted and the forked process crashes.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28507
CVE-2023-1699Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1699
CVE-2023-1712Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1712
CVE-2023-28731AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28731
CVE-2023-1725Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery.This issue affects Project Management System: before 4.09.31.125.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1725
CVE-2023-25076A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP, TLS or DTLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-25076
CVE-2023-1734A vulnerability classified as critical has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected is an unknown function of the file admin/products/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-224622 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1734
CVE-2023-1735A vulnerability classified as critical was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected by this vulnerability is an unknown functionality of the file passwordrecover.php. The manipulation of the argument phonenumber leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-224623.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1735
CVE-2023-1737A vulnerability, which was classified as critical, was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-224625 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1737
CVE-2023-27536An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-27536
CVE-2023-28462A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI directory scan is performed.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28462
CVE-2023-1741A vulnerability was found in jeecg-boot 3.5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file SysDictMapper.java of the component Sleep Command Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224629 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1741
CVE-2023-1753Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1753
CVE-2023-1773A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1773
CVE-2023-26829An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26829
CVE-2023-28862An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an AuthBasic session.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28862
CVE-2023-28879In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28879
CVE-2023-28843PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data, and potentially affect system availability. The cause of this issue is that SQL queries were being constructed with user input which had not been properly filtered. Only deployments on PrestaShop 1.6 are affected. Users are advised to upgrade to module version 3.16.4. There are no known workarounds for this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28843
CVE-2023-23594An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724_r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-23594
CVE-2023-29141An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-29141
CVE-2023-1784A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1784
CVE-2023-26858SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26858
CVE-2022-47190Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-47190
CVE-2023-1789Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1789
CVE-2023-26822D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26822
CVE-2023-1791A vulnerability has been found in SourceCodester Simple Task Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224743.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1791
CVE-2023-1792A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/fields/manage_field.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224744.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1792
CVE-2023-1793A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /officer/assigncase.php of the component GET Parameter Handler. The manipulation of the argument caseid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224745 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1793
CVE-2023-1797A vulnerability classified as critical was found in OTCMS 6.0.1. Affected by this vulnerability is an unknown functionality of the file sysCheckFile.php?mudi=sql. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224749 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1797
CVE-2023-1800A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224768.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1800
CVE-2023-27284IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-27284
CVE-2023-27286IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-27286
CVE-2023-28668Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28668
CVE-2023-28677Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted configuration that injects Pipeline script code into the (unsandboxed) Pipeline resulting from a convertion by Jenkins Convert To Pipeline Plugin.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28677
CVE-2023-26119Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26119
CVE-2023-1765Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akbim Computer Panon allows SQL Injection.This issue affects Panon: before 1.0.2.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1765
CVE-2022-38922BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-38922
CVE-2022-38923BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-38923
CVE-2022-43939Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-43939
CVE-2023-1728Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection.This issue affects LMS: before 23.04.03.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1728
CVE-2023-1826A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\\admin\\system_info\\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1826
CVE-2023-1671A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1671
CVE-2023-1827A vulnerability has been found in SourceCodester Centralized Covid Vaccination Records System 1.0 and classified as critical. This vulnerability affects unknown code of the file /vaccinated/admin/maintenance/manage_location.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224842 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1827
CVE-2023-26866GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26866
CVE-2020-19279Directory Traversal vulnerability found in B3log Wide allows a an attacker to escalate privileges via symbolic links.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-19279
CVE-2020-19692Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-19692
CVE-2020-19693An issue found in Espruino Espruino 6ea4c0a allows an attacker to execute arbitrrary code via oldFunc parameter of the jswrap_object.c:jswrap_function_replacewith endpoint.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-19693
CVE-2020-19695Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-19695
CVE-2020-20913SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-20913
CVE-2020-20914SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-20914
CVE-2020-20915SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the the SysSiteAdminControl.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-20915
CVE-2020-29312An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-29312
CVE-2021-28235Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-28235
CVE-2021-31707Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-31707
CVE-2023-26750SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26750
CVE-2023-26921OS Command Injection vulnerability in quectel AG550QCN allows attackers to execute arbitrary commands via ql_atfwd.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26921
CVE-2023-28613An issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1280, Exynos 2200, and Exynos Modem 5300. An integer overflow in IPv4 fragment handling can occur due to insufficient parameter validation when reassembling these fragments.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28613
CVE-2023-27488Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components that are used for logging and/or visibility, requests may not be logged by the receiving service. When Envoy was configured to use ext_authz, ext_proc, tap, ratelimit filters, and grpc access log service and an http header with non-UTF-8 data was received, Envoy would generate an invalid protobuf message and send it to the configured service. The receiving service would typically generate an error when decoding the protobuf message. For ext_authz that was configured with ``failure_mode_allow: true``, the request would have been allowed in this case. For the other services, this could have resulted in other unforeseen errors such as a lack of visibility into requests. As of versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy by default sanitizes the values sent in gRPC service calls to be valid UTF-8, replacing data that is not valid UTF-8 with a `!` character. This behavioral change can be temporarily reverted by setting runtime guard `envoy.reloadable_features.service_sanitize_non_utf8_strings` to false. As a workaround, one may set `failure_mode_allow: false` for `ext_authz`.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-27488
CVE-2023-1845A vulnerability, which was classified as critical, was found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_row.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224985 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1845
CVE-2023-1846A vulnerability has been found in SourceCodester Online Payroll System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/deduction_row.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224986 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1846
CVE-2023-1847A vulnerability was found in SourceCodester Online Payroll System 1.0 and classified as critical. This issue affects some unknown processing of the file attendance.php. The manipulation of the argument employee leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224987.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1847
CVE-2023-1848A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/attendance_row.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224988.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1848
CVE-2023-1849A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cashadvance_row.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224989 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1849
CVE-2023-1850A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224990 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1850
CVE-2023-1854A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224994 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1854
CVE-2023-1856A vulnerability has been found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/transactions/track_shipment.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224995.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1856
CVE-2023-20073A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-20073
CVE-2023-1877Command Injection in GitHub repository microweber/microweber prior to 1.3.3.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1877
CVE-2023-1951A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this issue is the function delete_brand of the file /admin/maintenance/brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225338 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1951
CVE-2023-1952A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as critical. This affects an unknown part of the file /?p=products of the component Product Search. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225339.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1952
CVE-2023-1955A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is an unknown function of the file login.php of the component User Registration. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225342 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1955
CVE-2023-1958A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_sub_category. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225345 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1958
CVE-2023-28489A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter “Remote Operation” is enabled. The parameter is disabled by default.\r\nThe vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution on the device.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28489
CVE-2023-21554Microsoft Message Queuing Remote Code Execution Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2023-21554
CVE-2023-28250Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28250
CVE-2021-37208A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Improper neutralization of special characters on the web server configuration page could allow an attacker, in a privileged position, to retrieve sensitive information via cross-site scripting.9.6https://nvd.nist.gov/vuln/detail/CVE-2021-37208
CVE-2022-26649A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.9.6https://nvd.nist.gov/vuln/detail/CVE-2022-26649
CVE-2023-27269SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files.  In this attack, no data can be read but potentially critical OS files can be overwritten making the system unavailable.\n\n9.6https://nvd.nist.gov/vuln/detail/CVE-2023-27269
CVE-2023-27501SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrity\n\n9.6https://nvd.nist.gov/vuln/detail/CVE-2023-27501
CVE-2020-21487Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php.9.6https://nvd.nist.gov/vuln/detail/CVE-2020-21487
CVE-2021-21276Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a request with specific cookie headers to the /setup/finish endpoint, they may be able to obtain admin privileges on the instance. This is caused by a loose comparison (==) in SetupController that is susceptible to attack. The project has been patched to ensure that a strict comparison (===) is used to verify the setup key, and that /setup/finish verifies that no users table exists before performing any migrations or provisioning any new accounts. This is fixed in version 2.3.0. Users can patch this vulnerability without upgrading by adding abort(404) to the very first line of finishSetup in SetupController.php.9.3https://nvd.nist.gov/vuln/detail/CVE-2021-21276
CVE-2022-36323Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-36323
CVE-2022-41649A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-41649
CVE-2023-24530SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the application causing high impact on confidentiality, integrity and availability of the application.\n\n9.1https://nvd.nist.gov/vuln/detail/CVE-2023-24530
CVE-2023-27290Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-27290
CVE-2022-2560This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP CompleteFTP Server v22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-17481.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-2560
CVE-2022-2848This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX V6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-2848
CVE-2023-27162openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-27162
CVE-2022-47189Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-47189
CVE-2023-27487Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header would then be used for trace logs and grpc logs, as well as used in the URL used for `jwt_authn` checks if the `jwt_authn` filter is used, and any other upstream use of the x-envoy-original-path header. Attackers may forge a trusted `x-envoy-original-path` header. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 have patches for this issue.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-27487
CVE-2023-27491Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-27491
CVE-2023-27493Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values to be sent to the upstream service. In the worst case, it can cause upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of Envoy’s security policy. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. As a workaround, disable adding request headers based on the downstream request properties, such as downstream certificate properties.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-27493
CVE-2023-0432The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user "root." If the attacker has credentials for the web service, then the device could be fully compromised.9https://nvd.nist.gov/vuln/detail/CVE-2023-0432

OTHER VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2018-14325In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-14325
CVE-2018-14326In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-14326
CVE-2018-14379MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4 file, because access to the data structure has different expectations about layout as a result of this type confusion.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-14379
CVE-2018-14446MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted MP4 file.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-14446
CVE-2022-26647A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-26647
CVE-2022-34700Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34700
CVE-2022-34726Microsoft ODBC Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34726
CVE-2022-34727Microsoft ODBC Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34727
CVE-2022-34730Microsoft ODBC Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34730
CVE-2022-34731Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34731
CVE-2022-34732Microsoft ODBC Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34732
CVE-2022-34733Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34733
CVE-2022-34734Microsoft ODBC Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34734
CVE-2022-35805Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35805
CVE-2022-35823Microsoft SharePoint Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35823
CVE-2022-35834Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35834
CVE-2022-35835Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35835
CVE-2022-35836Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35836
CVE-2022-35840Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35840
CVE-2022-35841Windows Enterprise App Management Service Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35841
CVE-2022-37961Microsoft SharePoint Server Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-37961
CVE-2022-38008Microsoft SharePoint Server Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38008
CVE-2022-38009Microsoft SharePoint Server Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38009
CVE-2022-31765Affected devices do not properly authorize the change password function of the web interface.\r\nThis could allow low privileged users to escalate their privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-31765
CVE-2022-3640A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3640
CVE-2022-41106Microsoft Excel Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-41106
CVE-2023-0315Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-0315
CVE-2023-0493Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-0493
CVE-2022-46552D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46552
CVE-2022-46604An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46604
CVE-2023-20076A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-20076
CVE-2023-24523An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges.  The OS command can read or modify any user or system data and can make the system unavailable.\n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24523
CVE-2023-22629An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-22629
CVE-2023-1219Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1219
CVE-2023-1220Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1220
CVE-2023-25616In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges. Successful attack could highly impact the confidentiality, Integrity, and Availability of the system.\n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25616
CVE-2023-25617SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK. Programs could impact the confidentiality, integrity and availability of the system.\n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25617
CVE-2023-27893An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems (ST-PI) - versions 2088_1_700, 2008_1_710, 740, can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform.  Depending on the function executed, the attack can read or modify any user or application data and can make the application unavailable.\n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27893
CVE-2023-1528Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1528
CVE-2023-1530Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1530
CVE-2023-1531Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1531
CVE-2023-1532Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1532
CVE-2023-1533Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1533
CVE-2023-1534Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1534
CVE-2023-24788RESERVED NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24788
CVE-2022-24352This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 211210 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko kernel module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15773.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24352
CVE-2022-24353This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-15769.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24353
CVE-2023-23355A vulnerability has been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute arbitrary commands via susceptible QNAP devices. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR. We have already fixed the vulnerability in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23355
CVE-2023-1509The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmace_manager_server function called via the wp_ajax_gmace_manager AJAX action. This makes it possible for unauthenticated attackers to modify arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1509
CVE-2022-27641This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15806.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-27641
CVE-2022-27642This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-27642
CVE-2022-27643This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-27643
CVE-2022-27644This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-27644
CVE-2022-27645This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-27645
CVE-2022-27646This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-27646
CVE-2022-36971This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the JwtTokenUtility class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15301.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36971
CVE-2022-36973This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15329.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36973
CVE-2022-3210This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15905.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3210
CVE-2022-42424This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18556.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-42424
CVE-2022-42425This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18555.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-42425
CVE-2022-42426This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18554.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-42426
CVE-2022-42427This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the contact groups configuration page. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18541.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-42427
CVE-2022-42428This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18410.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-42428
CVE-2022-42429This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18557.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-42429
CVE-2022-43608This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.03 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BJNP service. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16032.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-43608
CVE-2022-43620This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-16142.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-43620
CVE-2022-43621This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from an incorrectly implemented comparison. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-16152.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-43621
CVE-2022-43622This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests to the web management portal. When parsing the HNAP_AUTH header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16139.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-43622
CVE-2022-43630This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of http requests to the web management portal. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16150.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-43630
CVE-2022-43636This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of sufficient randomness in the sequnce numbers used for session managment. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-18334.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-43636
CVE-2022-43642This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the YouTube plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19222.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-43642
CVE-2022-43643This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Generic plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19460.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-43643
CVE-2022-43644This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19461.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-43644
CVE-2022-43645This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IVI plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19462.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-43645
CVE-2022-43646This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Vimeo plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19463.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-43646
CVE-2022-43647This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19464.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-43647
CVE-2022-43648This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 1.20B03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MiniDLNA service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the MiniDLNA service. Was ZDI-CAN-19910.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-43648
CVE-2023-28505Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a buffer overflow in an API function, where a string is copied into a caller-provided buffer without checking the length. This requires a valid login to exploit.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28505
CVE-2023-28506Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow, where a string is copied into a buffer using a memcpy-like function and a user-provided length. This requires a valid login to exploit.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28506
CVE-2023-28508Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based overflow vulnerability, where certain input can corrupt the heap and crash the forked process.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28508
CVE-2023-26482Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs, invoking webhooks or running scripts on the server. Due to this combination depending on the available apps the issue can result in a RCE at the end. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should disable app `workflow_scripts` and `workflow_pdf_converter` as a mitigation.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-26482
CVE-2023-28643Nextcloud server is an open source home cloud implementation. In affected versions when a recipient receives 2 shares with the same name, while a memory cache is configured, the second share will replace the first one instead of being renamed to `{name} (2)`. It is recommended that the Nextcloud Server is upgraded to 25.0.3 or 24.0.9. Users unable to upgrade should avoid sharing 2 folders with the same name to the same user.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28643
CVE-2023-28833Nextcloud server is an open source home cloud implementation. In affected versions admins of a server were able to upload a logo or a favicon and to provided a file name which was not restricted and could overwrite files in the appdata directory. Administrators may have access to overwrite these files by other means but this method could be exploited by tricking an admin into uploading a maliciously named file. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should avoid ingesting logo files from untrusted sources.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28833
CVE-2022-47542Red Gate SQL Monitor 11.0.14 through 12.1.46 has Incorrect Access Control, exploitable remotely for Escalation of Privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-47542
CVE-2023-1736A vulnerability, which was classified as critical, has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected by this issue is some unknown functionality of the file cart/controller.php?action=add. The manipulation of the argument PROID leads to sql injection. The identifier of this vulnerability is VDB-224624.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1736
CVE-2023-27533A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27533
CVE-2023-27534A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27534
CVE-2023-1742A vulnerability was found in IBOS 4.5.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /?r=report/api/getlist of the component Report Search. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224630 is the identifier assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1742
CVE-2023-1744A vulnerability classified as critical was found in IBOS 4.5.5. This vulnerability affects unknown code of the component htaccess Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224632.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1744
CVE-2023-1747A vulnerability has been found in IBOS up to 4.5.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=email/api/mark&op=delFromSend. The manipulation of the argument emailids leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-224635.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1747
CVE-2023-1762Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1762
CVE-2023-28726Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28726
CVE-2023-28727Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28727
CVE-2022-47191Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-47191
CVE-2022-47192Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-47192
CVE-2022-42447HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-42447
CVE-2023-20558Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-20558
CVE-2023-20559Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-20559
CVE-2023-28674A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28674
CVE-2023-28676A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE).8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28676
CVE-2023-0820The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-0820
CVE-2022-38072An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38072
CVE-2022-43938Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-43938
CVE-2022-43940Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-43940
CVE-2022-41633Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.2.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-41633
CVE-2023-25355CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can overwrite a service file, and escalate their privileges to `root`.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25355
CVE-2023-25356CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leveraged to gain remote command execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25356
CVE-2020-19278Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-19278
CVE-2020-21060SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-21060
CVE-2020-21514An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 allows attackers to gain escilated privlidges and execute arbitrary code due to a default password.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-21514
CVE-2023-0265Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-0265
CVE-2023-1810Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1810
CVE-2023-1811Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1811
CVE-2023-1812Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1812
CVE-2023-1815Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1815
CVE-2023-1818Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1818
CVE-2023-1820Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1820
CVE-2023-0480VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-0480
CVE-2022-4935The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying shipping method details, modifying products, deleting arbitrary posts, and privilege escalation (via the wp_ajax_wcfm_vendor_store_online AJAX action).8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4935
CVE-2022-4936The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying shipping method details, modifying products, deleting arbitrary posts, and more, via a forged request granted they can trick a site's administrator into performing an action such as clicking on a link.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4936
CVE-2022-4937The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more. There were hundreds of AJAX endpoints affected.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4937
CVE-2022-4938The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more, via a forged request granted they can trick a site's administrator into performing an action such as clicking on a link. There were hundreds of AJAX endpoints affected.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4938
CVE-2023-1953A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/sales/index.php. The manipulation of the argument date_start/date_end leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225340.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1953
CVE-2023-1954A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been rated as critical. This issue affects the function save_inventory of the file /admin/product/manage.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225341 was assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1954
CVE-2023-1956A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_img of the component Image Handler. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225343.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1956
CVE-2023-1957A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_sub_category of the component Subcategory Handler. The manipulation of the argument sub_category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225344.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1957
CVE-2023-1959A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225346 is the identifier assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1959
CVE-2023-1960A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225347.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1960
CVE-2023-28205A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28205
CVE-2023-21727Remote Procedure Call Runtime Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-21727
CVE-2023-24884Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24884
CVE-2023-24885Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24885
CVE-2023-24886Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24886
CVE-2023-24887Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24887
CVE-2023-24924Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24924
CVE-2023-24925Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24925
CVE-2023-24926Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24926
CVE-2023-24927Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24927
CVE-2023-24928Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24928
CVE-2023-24929Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24929
CVE-2023-28231DHCP Server Service Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28231
CVE-2023-28240Windows Network Load Balancing Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28240
CVE-2023-28243Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28243
CVE-2023-28275Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28275
CVE-2023-28297Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28297
CVE-2023-23857Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services across systems. On a successful exploitation, the attacker can read and modify some sensitive information but can also be used to lock up any element or operation of the system making that it unresponsive or unavailable.\n\n8.6https://nvd.nist.gov/vuln/detail/CVE-2023-23857
CVE-2023-20027A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper reassembly of large packets that occurs when VFR is enabled on either a tunnel interface or on a physical interface that is configured with a maximum transmission unit (MTU) greater than 4,615 bytes. An attacker could exploit this vulnerability by sending fragmented packets through a VFR-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-20027
CVE-2023-28206An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Big Sur 11.7.6, macOS Ventura 13.3.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-28206
CVE-2023-28291Raw Image Extension Remote Code Execution Vulnerability8.4https://nvd.nist.gov/vuln/detail/CVE-2023-28291
CVE-2023-28296Visual Studio Remote Code Execution Vulnerability8.4https://nvd.nist.gov/vuln/detail/CVE-2023-28296
CVE-2022-26648A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.8.2https://nvd.nist.gov/vuln/detail/CVE-2022-26648
CVE-2022-30196Windows Secure Channel Denial of Service Vulnerability8.2https://nvd.nist.gov/vuln/detail/CVE-2022-30196
CVE-2023-28103matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the `Object.prototype`, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic. This is fixed in matrix-react-sdk 3.69.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. Note this advisory is distinct from GHSA-2x9c-qwgf-94xr which refers to a similar issue.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-28103
CVE-2023-28427matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-28427
CVE-2023-28681Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-28681
CVE-2023-28682Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-28682
CVE-2023-28683Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-28683
CVE-2023-27089Cross Site Scripting vulnerability found in Ehuacui BBS allows attackers to cause a denial of service via a crafted payload in the login parameter.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-27089
CVE-2022-33647Windows Kerberos Elevation of Privilege Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2022-33647
CVE-2022-33679Windows Kerberos Elevation of Privilege Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2022-33679
CVE-2022-35830Remote Procedure Call Runtime Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2022-35830
CVE-2022-37958SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2022-37958
CVE-2022-41981A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-41981
CVE-2022-43597Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT8`.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-43597
CVE-2022-43598Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT16`.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-43598
CVE-2022-43599Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8`8.1https://nvd.nist.gov/vuln/detail/CVE-2022-43599
CVE-2022-43600Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16`8.1https://nvd.nist.gov/vuln/detail/CVE-2022-43600
CVE-2022-43601Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16`8.1https://nvd.nist.gov/vuln/detail/CVE-2022-43601
CVE-2022-43602Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8`8.1https://nvd.nist.gov/vuln/detail/CVE-2022-43602
CVE-2023-27500An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.\n\n8.1https://nvd.nist.gov/vuln/detail/CVE-2023-27500
CVE-2022-48434libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).8.1https://nvd.nist.gov/vuln/detail/CVE-2022-48434
CVE-2023-26984An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-26984
CVE-2022-36980This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the EnterpriseServer service. The issue results from the lack of proper locking when performing operations during authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15528.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-36980
CVE-2023-28219Layer 2 Tunneling Protocol Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-28219
CVE-2023-28220Layer 2 Tunneling Protocol Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-28220
CVE-2023-28244Windows Kerberos Elevation of Privilege Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-28244
CVE-2023-28268Netlogon RPC Elevation of Privilege Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-28268
CVE-2022-34663A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Affected devices are vulnerable to a web-based code injection attack via the console.\r\n\r\nAn attacker could exploit this vulnerability to inject code into the web server and cause malicious behavior in legitimate users accessing certain web resources on the affected\r\ndevice.8https://nvd.nist.gov/vuln/detail/CVE-2022-34663
CVE-2023-21778Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability8https://nvd.nist.gov/vuln/detail/CVE-2023-21778
CVE-2022-0650This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13993.8https://nvd.nist.gov/vuln/detail/CVE-2022-0650
CVE-2022-24973This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13992.8https://nvd.nist.gov/vuln/detail/CVE-2022-24973
CVE-2023-28718Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. This may allow an attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website.8https://nvd.nist.gov/vuln/detail/CVE-2023-28718
CVE-2022-27647This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.8https://nvd.nist.gov/vuln/detail/CVE-2022-27647
CVE-2022-42433This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N TL-WR841N(US)_V14_220121 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17356.8https://nvd.nist.gov/vuln/detail/CVE-2022-42433
CVE-2018-20669An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-20669
CVE-2022-29156drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-29156
CVE-2022-24527Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24527
CVE-2022-29581Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-29581
CVE-2022-1158A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1158
CVE-2022-2978A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2978
CVE-2022-30200Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2022-30200
CVE-2022-34719Windows Distributed File System (DFS) Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34719
CVE-2022-34729Windows GDI Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34729
CVE-2022-35803Windows Common Log File System Driver Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35803
CVE-2022-37954DirectX Graphics Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37954
CVE-2022-37955Windows Group Policy Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37955
CVE-2022-37956Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37956
CVE-2022-37957Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37957
CVE-2022-37962Microsoft PowerPoint Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37962
CVE-2022-37963Microsoft Office Visio Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37963
CVE-2022-37964Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37964
CVE-2022-37969Windows Common Log File System Driver Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37969
CVE-2022-38004Windows Fax Service Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2022-38004
CVE-2022-38005Windows Print Spooler Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2022-38005
CVE-2022-38010Microsoft Office Visio Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2022-38010
CVE-2022-3176There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa636597.8https://nvd.nist.gov/vuln/detail/CVE-2022-3176
CVE-2022-41063Microsoft Excel Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41063
CVE-2022-45934An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-45934
CVE-2022-41281A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41281
CVE-2022-41282A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41282
CVE-2022-41283A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41283
CVE-2022-41284A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41284
CVE-2022-41285A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41285
CVE-2022-41286A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41286
CVE-2022-47521An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-47521
CVE-2022-3977A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3977
CVE-2023-21815Visual Studio Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-21815
CVE-2023-23381Visual Studio Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-23381
CVE-2023-26242afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-26242
CVE-2022-3424A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3424
CVE-2023-23399Microsoft Excel Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-23399
CVE-2023-23420Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-23420
CVE-2023-20029A vulnerability in the Meraki onboarding feature of Cisco IOS XE Software could allow an authenticated, local attacker to gain root level privileges on an affected device. This vulnerability is due to insufficient memory protection in the Meraki onboarding feature of an affected device. An attacker could exploit this vulnerability by modifying the Meraki registration parameters. A successful exploit could allow the attacker to elevate privileges to root.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-20029
CVE-2023-0179A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0179
CVE-2022-24907This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16186.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24907
CVE-2022-24908This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16187.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24908
CVE-2023-1676A vulnerability was found in DriverGenius 9.70.0.346. It has been declared as critical. Affected by this vulnerability is the function 0x9C402088 in the library mydrivers64.sys of the component IOCTL Handler. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224233 was assigned to this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-1676
CVE-2023-0213Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0213
CVE-2022-27648This vulnerability allows remote attackers to execute arbitrary code on affected installations of KOYO Screen Creator 0.1.1.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SCA2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14868.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27648
CVE-2022-28303This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16280.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28303
CVE-2022-28304This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16171.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28304
CVE-2022-28305This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16172.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28305
CVE-2022-28306This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-16174.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28306
CVE-2022-28307This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. Crafted data in a DXF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16306.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28307
CVE-2022-28310This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16339.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28310
CVE-2022-28311This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. Crafted data in a DXF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16341.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28311
CVE-2022-28314This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16332.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28314
CVE-2022-28315This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16367.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28315
CVE-2022-28316This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16368.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28316
CVE-2022-28317This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16369.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28317
CVE-2022-28318This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16379.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28318
CVE-2022-28319This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16340.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28319
CVE-2022-28320This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16282.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28320
CVE-2022-28641This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16390.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28641
CVE-2022-28642This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16424.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28642
CVE-2022-28643This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16468.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28643
CVE-2022-28644This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16469.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28644
CVE-2022-28646This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16570.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28646
CVE-2022-28647This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16573.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28647
CVE-2022-28685This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of APP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17212.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28685
CVE-2022-28686This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17114.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28686
CVE-2022-28687This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16257.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28687
CVE-2022-28688This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17201.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28688
CVE-2022-2561This vulnerability allows remote attackers to execute arbitrary code on affected installations of OPC Labs QuickOPC 2022.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XML files in Connectivity Explorer. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16596.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2561
CVE-2022-36970This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of APP files. Crafted data in a APP file can cause the application to execute arbitrary Visual Basic scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of current process. Was ZDI-CAN-17370.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36970
CVE-2022-37349This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the submitForm method. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17142.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37349
CVE-2022-37350This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Collab objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17144.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37350
CVE-2022-37354This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17628.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37354
CVE-2022-37355This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. Crafted data in a JPG file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17629.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37355
CVE-2022-37356This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. Crafted data in a JPG file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17630.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37356
CVE-2022-37357This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. Crafted data in an ICO file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17631.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37357
CVE-2022-37358This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. Crafted data in a JPG file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17632.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37358
CVE-2022-37359This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17633.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37359
CVE-2022-37362This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. Crafted data in a PNG file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17660.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37362
CVE-2022-37363This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17673.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37363
CVE-2022-37364This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17634.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37364
CVE-2022-37365This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs method. The application exposes a JavaScript interface that allows the attacker to write arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-17527.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37365
CVE-2022-37366This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17727.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37366
CVE-2022-37367This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. Crafted data in an AcroForm can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17726.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37367
CVE-2022-37369This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17724.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37369
CVE-2022-37371This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17772.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37371
CVE-2022-37372This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17809.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37372
CVE-2022-37374This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18068.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37374
CVE-2022-37377This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11.1.1.53537;. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JavaScript optimizations. The issue results from an improper optimization, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16733.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37377
CVE-2022-37378This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11.1.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the optimization of JavaScript functions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16867.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37378
CVE-2022-37381This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFSpecial_KeystrokeEx method. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17110.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37381
CVE-2022-37384This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the delay method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17327.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37384
CVE-2022-37385This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17301.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37385
CVE-2022-37387This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17552.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37387
CVE-2022-37388This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17516.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37388
CVE-2022-37389This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17545.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37389
CVE-2022-37390This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17551.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37390
CVE-2022-37391This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17661.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37391
CVE-2022-42430This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the wowlan_config data structure. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17543.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-42430
CVE-2022-42431This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the bcmdhd driver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17544.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-42431
CVE-2022-43609This vulnerability allows remote attackers to execute arbitrary code on affected installations of IronCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STP files. When parsing the VECTOR element, the process does not properly initialize a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17672.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-43609
CVE-2022-43613This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. When parsing CGM files, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16356.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-43613
CVE-2022-43614This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16357.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-43614
CVE-2022-43616This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16371.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-43616
CVE-2022-43617This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PCX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16372.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-43617
CVE-2022-43618This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PCX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16377.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-43618
CVE-2022-43637This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18626.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-43637
CVE-2022-43638This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18627.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-43638
CVE-2022-43639This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18628.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-43639
CVE-2022-43641This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18894.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-43641
CVE-2022-43649This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.2.12465. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19478.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-43649
CVE-2023-28642runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28642
CVE-2022-44370NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:8567.8https://nvd.nist.gov/vuln/detail/CVE-2022-44370
CVE-2023-0664A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0664
CVE-2017-6894A vulnerability exists in FlexNet Manager Suite releases 2015 R2 SP3 and earlier (including FlexNet Manager Platform 9.2 and earlier) that affects the inventory gathering components and can be exploited by local users to perform certain actions with elevated privileges on the local system.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-6894
CVE-2021-41526A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-41526
CVE-2022-3787A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3787
CVE-2023-290593CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-29059
CVE-2022-4744A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-4744
CVE-2023-1393A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-1393
CVE-2023-1670A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-1670
CVE-2023-1745A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-1745
CVE-2023-28464hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28464
CVE-2023-0182NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service, information disclosure, and data tampering.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0182
CVE-2023-0189NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0189
CVE-2023-0192NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0192
CVE-2023-0198NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0198
CVE-2023-26269Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-26269
CVE-2023-0975A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0975
CVE-2023-1579Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-1579
CVE-2023-25940Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-25940
CVE-2023-25941Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-25941
CVE-2022-48226An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\\Windows\\Temp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-48226
CVE-2023-26733Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-26733
CVE-2023-26775File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-26775
CVE-2023-26991SWFTools v0.9.2 was discovered to contain a stack-use-after-scope in the swf_ReadSWF2 function in lib/rfxswf.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-26991
CVE-2023-27759An issue found in Wondershare Technology Co, Ltd Edrawmind v.10.0.6 allows a remote attacker to executea arbitrary commands via the WindowsCodescs.dll file.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27759
CVE-2023-27760An issue found in Wondershare Technology Co, Ltd Filmora v.12.0.9 allows a remote attacker to execute arbitrary commands via the filmora_setup_full846.exe.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27760
CVE-2023-27764An issue found in Wondershare Technology Co.,Ltd Repairit v.3.5.4 allows a remote attacker to execute arbitrary commands via the repairit_setup_full5913.exe file.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27764
CVE-2023-27765An issue found in Wondershare Technology Co.,Ltd Recoverit v.10.6.3 allows a remote attacker to execute arbitrary commands via the recoverit_setup_full4134.exe file.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27765
CVE-2023-27766An issue found in Wondershare Technology Co.,Ltd Anireel 1.5.4 allows a remote attacker to execute arbitrary commands via the anireel_setup_full9589.exe file.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27766
CVE-2023-27767An issue found in Wondershare Technology Co.,Ltd Dr.Fone v.12.4.9 allows a remote attacker to execute arbitrary commands via the drfone_setup_full3360.exe file.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27767
CVE-2023-27768An issue found in Wondershare Technology Co.,Ltd PDFelement v9.1.1 allows a remote attacker to execute arbitrary commands via the pdfelement-pro_setup_full5239.exe file.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27768
CVE-2023-27769An issue found in Wondershare Technology Co.,Ltd PDF Reader v.1.0.1 allows a remote attacker to execute arbitrary commands via the pdfreader_setup_full13143.exe file.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27769
CVE-2023-27770An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 allows a remote attacker to execute arbitrary commands via the edraw-max_setup_full5371.exe file.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27770
CVE-2023-27771An issue found in Wondershare Technology Co.,Ltd Creative Centerr v.1.0.8 allows a remote attacker to execute arbitrary commands via the wondershareCC_setup_full10819.exe file.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27771
CVE-2022-48222An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges).7.8https://nvd.nist.gov/vuln/detail/CVE-2022-48222
CVE-2022-48227An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-48227
CVE-2023-29053A vulnerability has been identified in JT Open (All versions < V11.3.2.0), JT Utilities (All versions < V13.3.0.0). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-29053
CVE-2023-23375Microsoft ODBC and OLE DB Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-23375
CVE-2023-24893Visual Studio Code Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-24893
CVE-2023-24912Windows Graphics Component Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-24912
CVE-2023-28225Windows NTLM Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28225
CVE-2023-28236Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28236
CVE-2023-28237Windows Kernel Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28237
CVE-2023-28246Windows Registry Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28246
CVE-2023-28248Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28248
CVE-2023-28252Windows Common Log File System Driver Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28252
CVE-2023-28260.NET DLL Hijacking Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28260
CVE-2023-28262Visual Studio Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28262
CVE-2023-28272Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28272
CVE-2023-28274Windows Win32k Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28274
CVE-2023-28285Microsoft Office Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28285
CVE-2023-28292Raw Image Extension Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28292
CVE-2023-28293Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28293
CVE-2023-28304Microsoft ODBC and OLE DB Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28304
CVE-2023-28311Microsoft Word Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28311
CVE-2021-40359A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd4), OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 6), SIMATIC NET PC Software V17 (All versions < V17 SP1), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files.7.7https://nvd.nist.gov/vuln/detail/CVE-2021-40359
CVE-2022-38012Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability7.7https://nvd.nist.gov/vuln/detail/CVE-2022-38012
CVE-2023-28309Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability7.6https://nvd.nist.gov/vuln/detail/CVE-2023-28309
CVE-2017-11164In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-11164
CVE-2019-6568The webserver of the affected devices contains a vulnerability that may lead to\r\na denial of service condition. An attacker may cause a denial of service\r\nsituation which leads to a restart of the webserver of the affected device.\r\n\r\nThe security vulnerability could be exploited by an attacker with network\r\naccess to the affected systems. Successful exploitation requires no system\r\nprivileges and no user interaction. An attacker could use the vulnerability\r\nto compromise availability of the device.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-6568
CVE-2019-10923A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7, SIMATIC S7-400 CPU 412-2 DP V7, SIMATIC S7-400 CPU 412-2 PN/DP V7, SIMATIC S7-400 CPU 414-2 DP V7, SIMATIC S7-400 CPU 414-3 DP V7, SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-2 DP V7, SIMATIC S7-400 CPU 416-3 DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-2 DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, SIMATIC S7-400 CPU 417-4 DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC NET CP 1604, SIMATIC NET CP 1616, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SIMOTION, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 Control Unit, SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 V7, SIPLUS S7-400 CPU 417-4 V7. An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-10923
CVE-2019-13946Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit\ninternal resource allocation when multiple legitimate diagnostic package\nrequests are sent to the DCE-RPC interface.\nThis could lead to a denial of service condition due to lack of memory\nfor devices that include a vulnerable version of the stack.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to an affected device. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise the availability of the device.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-13946
CVE-2019-19282A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.\nSuccessful exploitation requires no system privileges and no user interaction.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-19282
CVE-2020-5330Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-5330
CVE-2019-19301A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, SCALANCE X202-2P IRT, SCALANCE X202-2P IRT PRO, SCALANCE X204-2, SCALANCE X204-2FM, SCALANCE X204-2LD, SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X204IRT, SCALANCE X204IRT PRO, SCALANCE X206-1, SCALANCE X206-1LD, SCALANCE X208, SCALANCE X208PRO, SCALANCE X212-2, SCALANCE X212-2LD, SCALANCE X216, SCALANCE X224, SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XF201-3P IRT, SCALANCE XF202-2P IRT, SCALANCE XF204, SCALANCE XF204-2, SCALANCE XF204-2BA IRT, SCALANCE XF204IRT, SCALANCE XF206-1, SCALANCE XF208, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIMATIC CP 343-1 Advanced, SIMATIC CP 442-1 RNA, SIMATIC CP 443-1, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 RNA, SIMATIC RF180C, SIMATIC RF182C, SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SIPLUS NET SCALANCE X308-2. The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-19301
CVE-2021-33737A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3). Sending a specially crafted packet to port 102/tcp of an affected device could cause a denial of service condition. A restart is needed to restore normal operations.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33737
CVE-2021-37185A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-37185
CVE-2021-37204A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4Linux (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over port 102/tcp. A restart of the affected device is needed to restore normal operations.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-37204
CVE-2021-37205A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-37205
CVE-2021-42016A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < V4.3.8), RUGGEDCOM M2100F (All versions), RUGGEDCOM M2200 (All versions < V4.3.8), RUGGEDCOM M2200F (All versions), RUGGEDCOM M969 (All versions < V4.3.8), RUGGEDCOM M969F (All versions), RUGGEDCOM RMC30 (All versions < V4.3.8), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.8), RUGGEDCOM RMC8388 V5.X (All versions < V5.6.0), RUGGEDCOM RP110 (All versions < V4.3.8), RUGGEDCOM RS1600 (All versions < V4.3.8), RUGGEDCOM RS1600F (All versions < V4.3.8), RUGGEDCOM RS1600T (All versions < V4.3.8), RUGGEDCOM RS400 (All versions < V4.3.8), RUGGEDCOM RS400F (All versions), RUGGEDCOM RS401 (All versions < V4.3.8), RUGGEDCOM RS416 (All versions < V4.3.8), RUGGEDCOM RS416F (All versions), RUGGEDCOM RS416P (All versions < V4.3.8), RUGGEDCOM RS416PF (All versions), RUGGEDCOM RS416Pv2 (All versions < V5.6.0), RUGGEDCOM RS416v2 (All versions < V5.6.0), RUGGEDCOM RS8000 (All versions < V4.3.8), RUGGEDCOM RS8000A (All versions < V4.3.8), RUGGEDCOM RS8000H (All versions < V4.3.8), RUGGEDCOM RS8000T (All versions < V4.3.8), RUGGEDCOM RS900 (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM RS900F (All versions), RUGGEDCOM RS900G (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.6.0), RUGGEDCOM RS900GF (All versions), RUGGEDCOM RS900GP (All versions < V4.3.8), RUGGEDCOM RS900GPF (All versions), RUGGEDCOM RS900L (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-XX (All versions < V4.3.8), RUGGEDCOM RS900M-STND-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-STND-XX (All versions < V4.3.8), RUGGEDCOM RS900W (All versions < V4.3.8), RUGGEDCOM RS910 (All versions < V4.3.8), RUGGEDCOM RS910L (All versions < V4.3.8), RUGGEDCOM RS910W (All versions < V4.3.8), RUGGEDCOM RS920L (All versions < V4.3.8), RUGGEDCOM RS920W (All versions < V4.3.8), RUGGEDCOM RS930L (All versions < V4.3.8), RUGGEDCOM RS930W (All versions < V4.3.8), RUGGEDCOM RS940G (All versions < V4.3.8), RUGGEDCOM RS940GF (All versions), RUGGEDCOM RS969 (All versions < V4.3.8), RUGGEDCOM RSG2100 (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM RSG2100F (All versions), RUGGEDCOM RSG2100P (All versions < V4.3.8), RUGGEDCOM RSG2100PF (All versions), RUGGEDCOM RSG2200 (All versions < V4.3.8), RUGGEDCOM RSG2200F (All versions), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2288 V5.X (All versions < V5.6.0), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300 V5.X (All versions < V5.6.0), RUGGEDCOM RSG2300F (All versions), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300P V5.X (All versions < V5.6.0), RUGGEDCOM RSG2300PF (All versions), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2488 V5.X (All versions < V5.6.0), RUGGEDCOM RSG2488F (All versions), RUGGEDCOM RSG907R (All versions < V5.6.0), RUGGEDCOM RSG908C (All versions < V5.6.0), RUGGEDCOM RSG909R (All versions < V5.6.0), RUGGEDCOM RSG910C (All versions < V5.6.0), RUGGEDCOM RSG920P V4.X (All versions < V4.3.8), RUGGEDCOM RSG920P V5.X (All versions < V5.6.0), RUGGEDCOM RSL910 (All versions < V5.6.0), RUGGEDCOM RST2228 (All versions < V5.6.0), RUGGEDCOM RST2228P (All versions < V5.6.0), RUGGEDCOM RST916C (All versions < V5.6.0), RUGGEDCOM RST916P (All versions < V5.6.0). A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. \r\n\r\nIf a threat actor were to exploit this, the data integrity and security could be compromised.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-42016
CVE-2021-42020A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The third-party component, in its TFTP functionality fails to check for null terminations in file names.\r\n\r\nIf an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-42020
CVE-2022-24716Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24716
CVE-2021-40368A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions < V10.1), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions < V8.2.3), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Affected devices improperly handle specially crafted packets sent to port 102/tcp.\n\nThis could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40368
CVE-2022-29885The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-29885
CVE-2022-31778Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-31778
CVE-2022-34720Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34720
CVE-2022-34724Windows DNS Server Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34724
CVE-2022-35833Windows Secure Channel Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35833
CVE-2022-35838HTTP V3 Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35838
CVE-2021-40365A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN, SIMATIC S7-1500 CPU 1510SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512SP F-1 PN, SIMATIC S7-1500 CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516T-3 PN/DP, SIMATIC S7-1500 CPU 1516TF-3 PN/DP, SIMATIC S7-1500 CPU 1517-3 PN/DP, SIMATIC S7-1500 CPU 1517F-3 PN/DP, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN/DP, SIMATIC S7-1500 CPU 1517TF-3 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518F-4 PN/DP, SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-4 PN/DP, SIMATIC S7-1500 CPU 1518TF-4 PN/DP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN, SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN RAIL, SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL, SIPLUS S7-1500 CPU 1515R-2 PN, SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1517H-3 PN, SIPLUS S7-1500 CPU 1518-4 PN/DP, SIPLUS S7-1500 CPU 1518-4 PN/DP MFP, SIPLUS S7-1500 CPU 1518F-4 PN/DP, SIPLUS S7-1500 CPU 1518HF-4 PN, SIPLUS TIM 1531 IRC, TIM 1531 IRC. Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40365
CVE-2022-41988An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-41988
CVE-2022-41999A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-41999
CVE-2023-27567In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-27567
CVE-2022-41333An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-41333
CVE-2023-27271In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability.\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-27271
CVE-2023-27896In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability.\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-27896
CVE-2023-28450An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28450
CVE-2023-24709An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24709
CVE-2023-20107A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. This vulnerability is due to insufficient entropy in the DRBG for the affected hardware platforms when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-20107
CVE-2023-26071An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An Observable Response Discrepancy can occur under the login web page. In particular, the web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor. That allow an unauthorized actor to perform User Enumeration attacks.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26071
CVE-2023-28395Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28395
CVE-2020-8889The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information (via action=export) because a typo results in a successful comparison of a blank password and NULL.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-8889
CVE-2023-1518CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being leaked because they are insufficiently protected.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-1518
CVE-2023-28375Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a GET parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28375
CVE-2022-46397FP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-46397
CVE-2023-1682A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dayrui/My/Config/Install.txt. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224239.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-1682
CVE-2023-1683A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this issue is some unknown functionality of the file /dayrui/Fcms/View/system_log.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224240.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-1683
CVE-2023-1680A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61. This issue affects some unknown processing of the file /dayrui/My/View/main.html. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224237 was assigned to this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-1680
CVE-2022-36982This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AgentTaskHandler class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored session cookies, leading to further compromise. Was ZDI-CAN-15967.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36982
CVE-2022-37012This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpcUa_SecureListener_ProcessSessionCallRequest method. A crafted OPC UA message can force the server to incorrectly update a reference count. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-16927.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-37012
CVE-2022-37013This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537 [with vendor rollup]. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. A crafted certificate can force the server into an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-17203.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-37013
CVE-2020-14140When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute background command injection.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-14140
CVE-2023-1656Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-1656
CVE-2019-8963A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher's lmadmin 11.16.5, when doing a crafted POST request on lmadmin using the web-based tool.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-8963
CVE-2023-0836An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-0836
CVE-2023-28509Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 use weak encryption for packet-level security and passwords transferred on the wire.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28509
CVE-2023-26116All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26116
CVE-2023-26117All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26117
CVE-2023-26118All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26118
CVE-2023-1014Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Virames Vira-Investing allows Account Footprinting.This issue affects Vira-Investing: before 1.0.84.86.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-1014
CVE-2023-28732Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin in versions below 8.3.0.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28732
CVE-2022-30350Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape Online tool provides users with a "white out" functionality for redacting images, text, and other graphics from a PDF document. However, this mechanism does not remove underlying text or PDF object specification information from the PDF. As a result, for example, redacted text may be copy-pasted by a PDF reader.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-30350
CVE-2022-30351PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to correctly remove redacted information from a supplied PDF file, does not properly sanitize this information in all cases, causing redacted information, including images and text embedded in the PDF file, to be leaked unintentionally. In cases where PDF text objects are present it is possible to copy-paste redacted information into the system clipboard. Once a document is "locked" and marked for redaction once, all redactions performed after this feature is triggered are vulnerable.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-30351
CVE-2023-22845An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-22845
CVE-2023-24472A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24472
CVE-2023-24473An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24473
CVE-2023-28644Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is upgraded to 25.0.3. There are no known workarounds for this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28644
CVE-2023-28835Nextcloud server is an open source home cloud implementation. In affected versions the generated fallback password when creating a share was using a weak complexity random number generator, so when the sharer did not change it the password could be guessable to an attacker willing to brute force it. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. This issue only affects users who do not have a password policy enabled, so enabling a password policy is an effective mitigation for users unable to upgrade.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28835
CVE-2023-27535An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-27535
CVE-2023-28846Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the `unpoly-rails` gem that implements the Unpoly server protocol for Rails applications. This issues affects Rails applications that operate as an upstream of a load balancer's that uses passive health checks. The `unpoly-rails` gem echoes the request URL as an `X-Up-Location` response header. By making a request with exceedingly long URLs (paths or query string), an attacker can cause unpoly-rails to write a exceedingly large response header. If the response header is too large to be parsed by a load balancer downstream of the Rails application, it may cause the load balancer to remove the upstream from a load balancing group. This causes that application instance to become unavailable until a configured timeout is reached or until an active healthcheck succeeds. This issue has been fixed and released as version 2.7.2.2 which is available via RubyGems and GitHub. Users unable to upgrade may: Configure your load balancer to use active health checks, e.g. by periodically requesting a route with a known response that indicates healthiness; Configure your load balancer so the maximum size of response headers is at least twice the maximum size of a URL; or instead of changing your server configuration you may also configure your Rails application to delete redundant `X-Up-Location` headers set by unpoly-rails.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28846
CVE-2023-28755A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28755
CVE-2023-28756A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28756
CVE-2023-0343Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and the key are static, and this may allow an attacker to decrypt messages.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-0343
CVE-2023-0344Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-0344
CVE-2023-28877The VTEX apps-graphql@2.x GraphQL API module does not properly restrict unauthorized access to private configuration data. (apps-graphql@3.x is unaffected by this issue.)7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28877
CVE-2023-26925An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26925
CVE-2023-27159Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-27159
CVE-2022-4899A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-4899
CVE-2022-46021X-Man 1.0 has a SQL injection vulnerability, which can cause data leakage.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-46021
CVE-2022-47188There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-47188
CVE-2023-24824cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24824
CVE-2023-26485cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `_` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources. ### Impact A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. ### Proof of concept ``` $ ~/cmark-gfm$ python3 -c 'pad = "_" * 100000; print(pad + "." + pad, end="")' | time ./build/src/cmark-gfm --to plaintext ``` Increasing the number 10000 in the above commands causes the running time to increase quadratically. ### Patches This vulnerability have been patched in 0.29.0.gfm.10. ### Note on cmark and cmark-gfm XXX: TBD [cmark-gfm](https://github.com/github/cmark-gfm) is a fork of [cmark](https://github.com/commonmark/cmark) that adds the GitHub Flavored Markdown extensions. The two codebases have diverged over time, but share a common core. These bugs affect both `cmark` and `cmark-gfm`. ### Credit We would like to thank @gravypod for reporting this vulnerability. ### References https://en.wikipedia.org/wiki/Time_complexity ### For more information If you have any questions or comments about this advisory: * Open an issue in [github/cmark-gfm](https://github.com/github/cmark-gfm)7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26485
CVE-2023-1790A vulnerability, which was classified as problematic, was found in SourceCodester Simple Task Allocation System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224724.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-1790
CVE-2023-27025An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-27025
CVE-2023-1580Uncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial of service by filling up the disk and render the system unusable.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-1580
CVE-2023-28680Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28680
CVE-2023-28625mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28625
CVE-2022-36440A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36440
CVE-2023-29218The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited in the wild in March and April 2023.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-29218
CVE-2023-26916libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26916
CVE-2023-26855The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26855
CVE-2023-26976Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26976
CVE-2020-23257Buffer Overflow vulnerability found in Espruino 2v05.41 allows an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in file src/jsvar.c.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-23257
CVE-2020-23258An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-23258
CVE-2020-23259An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-23259
CVE-2020-23260An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-23260
CVE-2022-48221An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI's get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This gives a standard user full SYSTEM code execution (elevation of privileges).7.5https://nvd.nist.gov/vuln/detail/CVE-2022-48221
CVE-2023-27496Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the `state` parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script).7.5https://nvd.nist.gov/vuln/detail/CVE-2023-27496
CVE-2023-1858A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as problematic. This affects an unknown part of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-224997 was assigned to this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-1858
CVE-2023-20051A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This vulnerability is due to the VPP improperly handling a malformed packet. An attacker could exploit this vulnerability by sending a malformed Encapsulating Security Payload (ESP) packet over an IPsec connection. A successful exploit could allow the attacker to stop ICMP traffic over an IPsec connection and cause a denial of service (DoS).7.5https://nvd.nist.gov/vuln/detail/CVE-2023-20051
CVE-2022-43716A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-43716
CVE-2022-43767A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-43767
CVE-2022-43768A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-43768
CVE-2023-28766A vulnerability has been identified in SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.40), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions < V9.40), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.40), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.40), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.40), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.40), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.40), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.40), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.40), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.40), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions < V9.40), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service.\r\nAn unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28766
CVE-2023-21769Microsoft Message Queuing Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-21769
CVE-2023-24860Microsoft Defender Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24860
CVE-2023-24931Windows Secure Channel Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24931
CVE-2023-28217Windows Network Address Translation (NAT) Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28217
CVE-2023-28227Windows Bluetooth Driver Remote Code Execution Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28227
CVE-2023-28232Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28232
CVE-2023-28233Windows Secure Channel Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28233
CVE-2023-28234Windows Secure Channel Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28234
CVE-2023-28238Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28238
CVE-2023-28241Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28241
CVE-2023-28247Windows Network File System Information Disclosure Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28247
CVE-2023-28300Azure Service Connector Security Feature Bypass Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28300
CVE-2023-28302Microsoft Message Queuing Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28302
CVE-2023-26459Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability.\n\n7.4https://nvd.nist.gov/vuln/detail/CVE-2023-26459
CVE-2022-30170Windows Credential Roaming Service Elevation of Privilege Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2022-30170
CVE-2022-38020Visual Studio Code Elevation of Privilege Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2022-38020
CVE-2022-26032Uncontrolled search path element in the Intel(R) Distribution for Python programming language before version 2022.1 for Intel(R) oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-26032
CVE-2022-48225An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute (with elevated privileges) multiple non-existent DLLs out of a non-existent standard-user writable location.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-48225
CVE-2022-48224An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get executed with elevated privileges, leading to a complete arbitrary code execution (elevation of privileges).7.3https://nvd.nist.gov/vuln/detail/CVE-2022-48224
CVE-2023-26293A vulnerability has been identified in TIA Portal V15 (All versions), TIA Portal V16 (All versions), TIA Portal V17 (All versions), TIA Portal V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution.7.3https://nvd.nist.gov/vuln/detail/CVE-2023-26293
CVE-2023-23384Microsoft SQL Server Remote Code Execution Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2023-23384
CVE-2023-0669Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-0669
CVE-2023-27498SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about the server. It can also make a particular service temporarily unavailable\n\n7.2https://nvd.nist.gov/vuln/detail/CVE-2023-27498
CVE-2023-26262An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-26262
CVE-2023-1685A vulnerability was found in HadSky up to 7.11.8. It has been declared as critical. This vulnerability affects unknown code of the file /install/index.php of the component Installation Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224242 is the identifier assigned to this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-1685
CVE-2022-45355Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipes plugin <= 1.33 versions.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-45355
CVE-2023-26830An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-26830
CVE-2023-27160forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-27160
CVE-2023-1124The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-1124
CVE-2022-4934A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-4934
CVE-2021-3267File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-3267
CVE-2023-27091An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s).7.2https://nvd.nist.gov/vuln/detail/CVE-2023-27091
CVE-2023-26856Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/ajax.php?action=login.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-26856
CVE-2023-26857An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-26857
CVE-2023-20124A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not released software updates that address this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-20124
CVE-2023-20128Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates to address these vulnerabilities.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-20128
CVE-2023-28254Windows DNS Server Remote Code Execution Vulnerability7.2https://nvd.nist.gov/vuln/detail/CVE-2023-28254
CVE-2022-36969This vulnerability allows remote attackers to disclose sensitive information on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the LoadImportedLibraries method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. Was ZDI-CAN-17394.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-36969
CVE-2022-43650This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. Crafted data in a ZIP file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-19232.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-43650
CVE-2023-1652A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-1652
CVE-2023-0208NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-0208
CVE-2023-0180NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-0180
CVE-2023-0181NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-0181
CVE-2023-0183NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-0183
CVE-2023-0185NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-0185
CVE-2023-0186NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service and data tampering.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-0186
CVE-2023-0191NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-0191
CVE-2023-25303ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-25303
CVE-2023-25305PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-25305
CVE-2023-28222Windows Kernel Elevation of Privilege Vulnerability7.1https://nvd.nist.gov/vuln/detail/CVE-2023-28222
CVE-2023-28224Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability7.1https://nvd.nist.gov/vuln/detail/CVE-2023-28224
CVE-2022-1537file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.7https://nvd.nist.gov/vuln/detail/CVE-2022-1537
CVE-2022-26928Windows Photo Import API Elevation of Privilege Vulnerability7https://nvd.nist.gov/vuln/detail/CVE-2022-26928
CVE-2022-34725Windows ALPC Elevation of Privilege Vulnerability7https://nvd.nist.gov/vuln/detail/CVE-2022-34725
CVE-2023-27561runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.7https://nvd.nist.gov/vuln/detail/CVE-2023-27561
CVE-2023-24914Win32k Elevation of Privilege Vulnerability7https://nvd.nist.gov/vuln/detail/CVE-2023-24914
CVE-2023-28216Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability7https://nvd.nist.gov/vuln/detail/CVE-2023-28216
CVE-2023-28218Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability7https://nvd.nist.gov/vuln/detail/CVE-2023-28218
CVE-2023-28221Windows Error Reporting Service Elevation of Privilege Vulnerability7https://nvd.nist.gov/vuln/detail/CVE-2023-28221
CVE-2023-28229Windows CNG Key Isolation Service Elevation of Privilege Vulnerability7https://nvd.nist.gov/vuln/detail/CVE-2023-28229
CVE-2023-28273Windows Clip Service Elevation of Privilege Vulnerability7https://nvd.nist.gov/vuln/detail/CVE-2023-28273
CVE-2023-20100A vulnerability in the access point (AP) joining process of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error that occurs when certain conditions are met during the AP joining process. An attacker could exploit this vulnerability by adding an AP that is under their control to the network. The attacker then must ensure that the AP successfully joins an affected wireless controller under certain conditions. Additionally, the attacker would need the ability to restart a valid AP that was previously connected to the controller. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition.6.8https://nvd.nist.gov/vuln/detail/CVE-2023-20100
CVE-2022-43619This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of ConfigFileUpload requests to the web management portal. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16141.6.8https://nvd.nist.gov/vuln/detail/CVE-2022-43619
CVE-2022-43623This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetWebFilterSetting requests to the web management portal. When parsing the WebFilterURLs element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16140.6.8https://nvd.nist.gov/vuln/detail/CVE-2022-43623
CVE-2022-43624This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetStaticRouteIPv6Settings requests to the web management portal. When parsing subelements within the StaticRouteIPv6List element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16145.6.8https://nvd.nist.gov/vuln/detail/CVE-2022-43624
CVE-2022-43625This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetStaticRouteIPv4Settings requests to the web management portal. When parsing the NetMask element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16144.6.8https://nvd.nist.gov/vuln/detail/CVE-2022-43625
CVE-2022-43626This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetIPv4FirewallSettings requests to the web management portal. When parsing subelements within the IPv4FirewallRule element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16146.6.8https://nvd.nist.gov/vuln/detail/CVE-2022-43626
CVE-2022-43627This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetStaticRouteIPv4Settings requests to the web management portal. When parsing subelements within the StaticRouteIPv4Data element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16147.6.8https://nvd.nist.gov/vuln/detail/CVE-2022-43627
CVE-2022-43628This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetIPv6FirewallSettings requests to the web management portal. When parsing subelements within the IPv6FirewallRule element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16148.6.8https://nvd.nist.gov/vuln/detail/CVE-2022-43628
CVE-2022-43629This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetSysEmailSettings requests to the web management portal. When parsing subelements within the SetSysEmailSettings element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16149.6.8https://nvd.nist.gov/vuln/detail/CVE-2022-43629
CVE-2022-43631This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetVirtualServerSettings requests to the web management portal. When parsing subelements within the VirtualServerInfo element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16151.6.8https://nvd.nist.gov/vuln/detail/CVE-2022-43631
CVE-2022-43632This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetQoSSettings requests to the web management portal. When parsing subelements within the QoSInfo element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16153.6.8https://nvd.nist.gov/vuln/detail/CVE-2022-43632
CVE-2022-43633This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetSysLogSettings requests to the web management portal. When parsing the IPAddress element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16154.6.8https://nvd.nist.gov/vuln/detail/CVE-2022-43633
CVE-2023-28647Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. In versions prior to 4.7.0 when an attacker has physical access to an unlocked device, they may enable the integration into the iOS Files app and bypass the Nextcloud pin/password protection and gain access to a users files. It is recommended that the Nextcloud iOS app is upgraded to 4.7.0. There are no known workarounds for this vulnerability.6.8https://nvd.nist.gov/vuln/detail/CVE-2023-28647
CVE-2023-28235Windows Lock Screen Security Feature Bypass Vulnerability6.8https://nvd.nist.gov/vuln/detail/CVE-2023-28235
CVE-2023-28270Windows Lock Screen Security Feature Bypass Vulnerability6.8https://nvd.nist.gov/vuln/detail/CVE-2023-28270
CVE-2023-20097A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to gain full root access on the AP.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-20097
CVE-2023-0620HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command. This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-0620
CVE-2022-48223An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-48223
CVE-2023-20023Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-20023
CVE-2023-20152Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-20152
CVE-2023-29054A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default.\r\n\r\nThis could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data\r\npassed over the connection between legitimate clients and the affected device.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-29054
CVE-2023-28223Windows Domain Name Service Remote Code Execution Vulnerability6.6https://nvd.nist.gov/vuln/detail/CVE-2023-28223
CVE-2023-28255Windows DNS Server Remote Code Execution Vulnerability6.6https://nvd.nist.gov/vuln/detail/CVE-2023-28255
CVE-2023-28256Windows DNS Server Remote Code Execution Vulnerability6.6https://nvd.nist.gov/vuln/detail/CVE-2023-28256
CVE-2023-28278Windows DNS Server Remote Code Execution Vulnerability6.6https://nvd.nist.gov/vuln/detail/CVE-2023-28278
CVE-2023-28305Windows DNS Server Remote Code Execution Vulnerability6.6https://nvd.nist.gov/vuln/detail/CVE-2023-28305
CVE-2023-28306Windows DNS Server Remote Code Execution Vulnerability6.6https://nvd.nist.gov/vuln/detail/CVE-2023-28306
CVE-2023-28307Windows DNS Server Remote Code Execution Vulnerability6.6https://nvd.nist.gov/vuln/detail/CVE-2023-28307
CVE-2023-28308Windows DNS Server Remote Code Execution Vulnerability6.6https://nvd.nist.gov/vuln/detail/CVE-2023-28308
CVE-2018-4843A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (All versions < V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.16), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX 2010 (All versions < V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions < V2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted\r\nPROFINET DCP packet could cause a Denial-of-Service condition of the requesting\r\nsystem.\r\n\r\nThe security vulnerability could be exploited by an attacker located on\r\nthe same Ethernet segment (OSI Layer 2) as the targeted device. Successful\r\nexploitation requires no user interaction or privileges and impacts the\r\navailability of core functionality of the affected device. A manual restart\r\nis required to recover the system.\r\n\r\nAt the time of advisory publication no public exploitation of this security\r\nvulnerability is known. Siemens provides mitigations to resolve the\r\nsecurity issue. PROFIBUS interfaces are not affected.6.5https://nvd.nist.gov/vuln/detail/CVE-2018-4843
CVE-2018-17235The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service.6.5https://nvd.nist.gov/vuln/detail/CVE-2018-17235
CVE-2018-17236The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGABRT signal.6.5https://nvd.nist.gov/vuln/detail/CVE-2018-17236
CVE-2020-35391Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-35391
CVE-2022-35837Windows Graphics Component Information Disclosure Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35837
CVE-2022-37959Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2022-37959
CVE-2022-38006Windows Graphics Component Information Disclosure Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2022-38006
CVE-2022-30694The login endpoint /FormLogin in affected web services does not apply proper origin checking.\r\n\r\nThis could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-30694
CVE-2022-46144A vulnerability has been identified in SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= 2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= 2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C (All versions >= 2.3 < V3.0), SCALANCE SC636-2C (All versions < V2.3), SCALANCE SC636-2C (All versions >= 2.3 < V3.0), SCALANCE SC642-2C (All versions < V2.3), SCALANCE SC642-2C (All versions >= 2.3 < V3.0), SCALANCE SC646-2C (All versions < V2.3), SCALANCE SC646-2C (All versions >= 2.3 < V3.0). Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface irresponsive.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-46144
CVE-2022-44268ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).6.5https://nvd.nist.gov/vuln/detail/CVE-2022-44268
CVE-2023-24524SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability.\n\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-24524
CVE-2023-24528SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally exposed over the network and successful exploitation can lead to exposure of data like travel documents.\n\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-24528
CVE-2023-25618SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with certain parameters which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.\n\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-25618
CVE-2023-27270SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.\n\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-27270
CVE-2023-27895SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful exploitation, an attacker can read some sensitive information but cannot modify and delete the data.\n\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-27895
CVE-2023-20067A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit this vulnerability by sending crafted traffic through a wireless access point. A successful exploit could allow the attacker to cause CPU utilization to increase, which could result in a DoS condition on an affected device and could cause new wireless client associations to fail. Once the offending traffic stops, the affected system will return to an operational state and new client associations will succeed.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-20067
CVE-2023-28859redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutions for CVE-2023-28859 address data leakage across AsyncIO connections in general.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-28859
CVE-2022-24972This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13911.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-24972
CVE-2023-25721Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users (with access to view the job log) to discover proxy credentials.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-25721
CVE-2023-27167Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-27167
CVE-2022-43635This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the incorrect implementation of the authentication algorithm. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17332.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-43635
CVE-2023-0665HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0665
CVE-2023-1775When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1775
CVE-2023-29139An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout).6.5https://nvd.nist.gov/vuln/detail/CVE-2023-29139
CVE-2023-27163request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-27163
CVE-2023-28645Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2. Users unable to upgrade may mitigate the issue by taking steps to restrict the ability to download documents. This includes ensuring that the `WOPI configuration` is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-28645
CVE-2023-28844Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-28844
CVE-2023-0197NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0197
CVE-2023-1202Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1202
CVE-2023-1574Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1574
CVE-2023-1603Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1603
CVE-2023-28672Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-28672
CVE-2023-28684Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-28684
CVE-2023-1330The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1330
CVE-2023-0977A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0977
CVE-2022-43771Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-43771
CVE-2022-43772Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-43772
CVE-2022-43941Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-43941
CVE-2023-0614The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0614
CVE-2023-25942Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-25942
CVE-2023-28997The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-28997
CVE-2023-29000The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt files with a key known to the attacker. This issue is fixed in Nextcloud Desktop 3.7.0. No known workarounds are available.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-29000
CVE-2020-19850An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a great amount of HTTP requests.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-19850
CVE-2023-27492Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger crashes. As of versions versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy no longer invokes the Lua coroutine if the filter has been reset. As a workaround for those whose Lua filter is buffering all requests/ responses, mitigate by using the buffer filter to avoid triggering the local reply in the Lua filter.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-27492
CVE-2023-1813Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1813
CVE-2023-1814Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1814
CVE-2023-1816Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1816
CVE-2023-1817Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1817
CVE-2023-1819Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1819
CVE-2023-1821Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1821
CVE-2023-1822Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1822
CVE-2023-1823Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1823
CVE-2023-28853Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection attack to leak arbitrary attributes from LDAP database. This issue is fixed in versions 3.5.8, 4.0.4, and 4.1.2.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-28853
CVE-2023-0382User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0382
CVE-2023-1865The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrc_nuke GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to delete YouTube channels from the plugin.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1865
CVE-2023-20127Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-20127
CVE-2023-20129Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-20129
CVE-2023-20130Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-20130
CVE-2023-20134Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-20134
CVE-2023-24883Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-24883
CVE-2023-28267Remote Desktop Protocol Client Information Disclosure Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-28267
CVE-2023-28288Microsoft SharePoint Server Spoofing Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-28288
CVE-2023-28312Azure Machine Learning Information Disclosure Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-28312
CVE-2022-3093This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17463.6.4https://nvd.nist.gov/vuln/detail/CVE-2022-3093
CVE-2023-28999Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files.? This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available.6.4https://nvd.nist.gov/vuln/detail/CVE-2023-28999
CVE-2023-1544A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.6.3https://nvd.nist.gov/vuln/detail/CVE-2023-1544
CVE-2023-25809runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g.., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec --rootless`; this condition is very rare). A container may gain the write access to user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host . Other users's cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5. Users unable to upgrade may unshare the cgroup namespace (`(docker|podman|nerdctl) run --cgroupns=private)`. This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts. or add `/sys/fs/cgroup` to `maskedPaths`.6.3https://nvd.nist.gov/vuln/detail/CVE-2023-25809
CVE-2022-3960Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin.6.3https://nvd.nist.gov/vuln/detail/CVE-2022-3960
CVE-2023-1611A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea6.3https://nvd.nist.gov/vuln/detail/CVE-2023-1611
CVE-2023-23588A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application.\r\nA local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.6.2https://nvd.nist.gov/vuln/detail/CVE-2023-23588
CVE-2023-28249Windows Boot Manager Security Feature Bypass Vulnerability6.2https://nvd.nist.gov/vuln/detail/CVE-2023-28249
CVE-2023-28269Windows Boot Manager Security Feature Bypass Vulnerability6.2https://nvd.nist.gov/vuln/detail/CVE-2023-28269
CVE-2022-28598Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-28598
CVE-2023-23286Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-23286
CVE-2023-23852SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-23852
CVE-2023-23853An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. Vulnerability has no direct impact on availability.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-23853
CVE-2023-23859SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-23859
CVE-2023-23860SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-23860
CVE-2023-24521Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-24521
CVE-2023-24522Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-24522
CVE-2023-24529Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-24529
CVE-2023-25614SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive information which leads to a limited impact on the confidentiality and the integrity of the application.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-25614
CVE-2022-29273pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-29273
CVE-2021-36713Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie. NOTE: 1.9.2 is a version from 2012.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-36713
CVE-2023-26457SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-26457
CVE-2023-1051Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in As Koc Energy Web Report System allows Reflected XSS.This issue affects Web Report System: before 23.03.10.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1051
CVE-2023-28648Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-28648
CVE-2023-1690A vulnerability, which was classified as problematic, has been found in SourceCodester Earnings and Expense Tracker App 1.0. This issue affects some unknown processing of the file LoginRegistration.php?a=register_user. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-224309 was assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1690
CVE-2023-26290Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_reset_request.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-26290
CVE-2023-26291Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_form.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-26291
CVE-2023-26292Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_submit.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_submit.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-26292
CVE-2022-47603Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.1 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-47603
CVE-2023-22705Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-22705
CVE-2023-1013Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Virames Vira-Investing allows Cross-Site Scripting (XSS).This issue affects Vira-Investing: before 1.0.84.86.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1013
CVE-2023-23677Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.5 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-23677
CVE-2023-28733AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-28733
CVE-2023-26692ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Management System (ZBBS) 4.14k is vulnerable to Cross Site Scripting (XSS).6.1https://nvd.nist.gov/vuln/detail/CVE-2023-26692
CVE-2023-1060Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YKM YKM CRM allows Reflected XSS.This issue affects YKM CRM: before 23.03.30.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1060
CVE-2023-1794A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/casedetails.php of the component GET Parameter Handler. The manipulation of the argument id with the input ">--redacted-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224746 is the identifier assigned to this vulnerability6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1794
CVE-2023-1795A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/products/index.php of the component GET Parameter Handler. The manipulation of the argument view with the input --redacted-- leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-2247476.1https://nvd.nist.gov/vuln/detail/CVE-2023-1795
CVE-2022-27665Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-27665
CVE-2023-1766Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akbim Computer Panon allows Reflected XSS.This issue affects Panon: before 1.0.2.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1766
CVE-2023-1377The Solidres WordPress plugin through 0.9.4 does not sanitise and escape numerous parameter before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1377
CVE-2022-4771Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4771
CVE-2022-47870A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-47870
CVE-2023-28998The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new files.? Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-28998
CVE-2020-19697Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the <iframe>src parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-19697
CVE-2020-19698Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-19698
CVE-2020-19699Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execute arbitrary code via the <ifram> tag in the upload file page.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-19699
CVE-2020-20521Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-20521
CVE-2020-20522Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-20522
CVE-2020-22533Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter6.1https://nvd.nist.gov/vuln/detail/CVE-2020-22533
CVE-2020-23327Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-23327
CVE-2023-26776Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-26776
CVE-2023-26777Cross Site Scripting vulnerability found in : louislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation parameter of the status_page.js endpoint.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-26777
CVE-2023-0325Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-0325
CVE-2023-0357Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-0357
CVE-2023-0486VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-0486
CVE-2023-1851A vulnerability classified as problematic has been found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_add.php. The manipulation of the argument of leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224991.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1851
CVE-2023-1852A vulnerability classified as problematic was found in SourceCodester Online Payroll System 1.0. This vulnerability affects unknown code of the file /admin/deduction_edit.php. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-224992.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1852
CVE-2023-1853A vulnerability, which was classified as problematic, has been found in SourceCodester Online Payroll System 1.0. This issue affects some unknown processing of the file /admin/employee_edit.php. The manipulation of the argument of leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224993 was assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1853
CVE-2023-1857A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=product/manage_product&id=2. The manipulation of the argument Product Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224996.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1857
CVE-2023-1860A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has been declared as problematic. This vulnerability affects unknown code of the file /licenses. The manipulation of the argument view with the input teste">--redacted-- leads to cross site scripting. The attack can be initiated remotely. VDB-224998 is the identifier assigned to this vulnerability. NOTE: Vendor did not respond if and how they may handle this issue6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1860
CVE-2013-10022A vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51. Affected by this issue is the function cntctfrm_display_form/cntctfrm_check_form of the file contact_form.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.52 is able to address this issue. The name of the patch is 642ef1dc1751ab6642ce981fe126325bb574f898. It is recommended to upgrade the affected component. VDB-225002 is the identifier assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2013-10022
CVE-2023-26789Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected Cross-site scripting (XSS). The Web App fails to adequately sanitize special characters. By leveraging this issue, an attacker is able to cause arbitrary HTML and JavaScript code to be executed in a user's browser.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-26789
CVE-2023-20068A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface on an affected device to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-20068
CVE-2023-1880Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1880
CVE-2023-1884Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1884
CVE-2023-28313Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability6.1https://nvd.nist.gov/vuln/detail/CVE-2023-28313
CVE-2023-28314Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability6.1https://nvd.nist.gov/vuln/detail/CVE-2023-28314
CVE-2023-20030A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the web-based management interface itself. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of confidential information. A successful exploit could also cause the web application to perform arbitrary HTTP requests on behalf of the attacker or consume memory resources to reduce the availability of the web-based management interface. To successfully exploit this vulnerability, an attacker would need valid Super Admin or Policy Admin credentials.6https://nvd.nist.gov/vuln/detail/CVE-2023-20030
CVE-2021-42017A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < V4.3.8), RUGGEDCOM M2100F (All versions), RUGGEDCOM M2200 (All versions < V4.3.8), RUGGEDCOM M2200F (All versions), RUGGEDCOM M969 (All versions < V4.3.8), RUGGEDCOM M969F (All versions), RUGGEDCOM RMC30 (All versions < V4.3.8), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.8), RUGGEDCOM RMC8388 V5.X (All versions < V5.6.0), RUGGEDCOM RP110 (All versions < V4.3.8), RUGGEDCOM RS1600 (All versions < V4.3.8), RUGGEDCOM RS1600F (All versions < V4.3.8), RUGGEDCOM RS1600T (All versions < V4.3.8), RUGGEDCOM RS400 (All versions < V4.3.8), RUGGEDCOM RS400F (All versions), RUGGEDCOM RS401 (All versions < V4.3.8), RUGGEDCOM RS416 (All versions < V4.3.8), RUGGEDCOM RS416F (All versions), RUGGEDCOM RS416P (All versions < V4.3.8), RUGGEDCOM RS416PF (All versions), RUGGEDCOM RS416Pv2 (All versions < V5.6.0), RUGGEDCOM RS416v2 (All versions < V5.6.0), RUGGEDCOM RS8000 (All versions < V4.3.8), RUGGEDCOM RS8000A (All versions < V4.3.8), RUGGEDCOM RS8000H (All versions < V4.3.8), RUGGEDCOM RS8000T (All versions < V4.3.8), RUGGEDCOM RS900 (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM RS900F (All versions), RUGGEDCOM RS900G (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.6.0), RUGGEDCOM RS900GF (All versions), RUGGEDCOM RS900GP (All versions < V4.3.8), RUGGEDCOM RS900GPF (All versions), RUGGEDCOM RS900L (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-XX (All versions < V4.3.8), RUGGEDCOM RS900M-STND-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-STND-XX (All versions < V4.3.8), RUGGEDCOM RS900W (All versions < V4.3.8), RUGGEDCOM RS910 (All versions < V4.3.8), RUGGEDCOM RS910L (All versions < V4.3.8), RUGGEDCOM RS910W (All versions < V4.3.8), RUGGEDCOM RS920L (All versions < V4.3.8), RUGGEDCOM RS920W (All versions < V4.3.8), RUGGEDCOM RS930L (All versions < V4.3.8), RUGGEDCOM RS930W (All versions < V4.3.8), RUGGEDCOM RS940G (All versions < V4.3.8), RUGGEDCOM RS940GF (All versions), RUGGEDCOM RS969 (All versions < V4.3.8), RUGGEDCOM RSG2100 (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM RSG2100F (All versions), RUGGEDCOM RSG2100P (All versions < V4.3.8), RUGGEDCOM RSG2100PF (All versions), RUGGEDCOM RSG2200 (All versions < V4.3.8), RUGGEDCOM RSG2200F (All versions), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2288 V5.X (All versions < V5.6.0), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300 V5.X (All versions < V5.6.0), RUGGEDCOM RSG2300F (All versions), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300P V5.X (All versions < V5.6.0), RUGGEDCOM RSG2300PF (All versions), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2488 V5.X (All versions < V5.6.0), RUGGEDCOM RSG2488F (All versions), RUGGEDCOM RSG907R (All versions < V5.6.0), RUGGEDCOM RSG908C (All versions < V5.6.0), RUGGEDCOM RSG909R (All versions < V5.6.0), RUGGEDCOM RSG910C (All versions < V5.6.0), RUGGEDCOM RSG920P V4.X (All versions < V4.3.8), RUGGEDCOM RSG920P V5.X (All versions < V5.6.0), RUGGEDCOM RSL910 (All versions < V5.6.0), RUGGEDCOM RST2228 (All versions < V5.6.0), RUGGEDCOM RST2228P (All versions < V5.6.0), RUGGEDCOM RST916C (All versions < V5.6.0), RUGGEDCOM RST916P (All versions < V5.6.0). A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2.\r\n\r\nIf an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications.5.9https://nvd.nist.gov/vuln/detail/CVE-2021-42017
CVE-2021-42018A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Within a third-party component, whenever memory allocation is requested, the out of bound size is not checked.\r\n\r\nTherefore, if size exceeding the expected allocation is assigned, it could allocate a smaller buffer instead. If an attacker were to exploit this, they could cause a heap overflow.5.9https://nvd.nist.gov/vuln/detail/CVE-2021-42018
CVE-2021-42019A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Within a third-party component, the process to allocate partition size fails to check memory boundaries.\r\n\r\nTherefore, if a large amount is requested by an attacker, due to an integer-wrap around, it could result in a small size being allocated instead.5.9https://nvd.nist.gov/vuln/detail/CVE-2021-42019
CVE-2022-43592An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-43592
CVE-2022-43593A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-43593
CVE-2022-43594Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .bmp files.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-43594
CVE-2022-43595Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .fits files.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-43595
CVE-2022-43596An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-43596
CVE-2022-43603A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-43603
CVE-2023-27537A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-27537
CVE-2023-0922The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-0922
CVE-2017-9095XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import.5.5https://nvd.nist.gov/vuln/detail/CVE-2017-9095
CVE-2021-40364A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). The affected systems store sensitive information in log files. An attacker with access to the log files could publicly expose the information or reuse it to develop further attacks on the system.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-40364
CVE-2022-0436Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0436
CVE-2021-3800A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3800
CVE-2022-34723Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2022-34723
CVE-2022-34728Windows Graphics Component Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2022-34728
CVE-2022-35831Windows Remote Access Connection Manager Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2022-35831
CVE-2022-35832Windows Event Tracing Denial of Service Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2022-35832
CVE-2022-41104Microsoft Excel Security Feature Bypass Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2022-41104
CVE-2021-44694A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN, SIMATIC S7-1500 CPU 1510SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512SP F-1 PN, SIMATIC S7-1500 CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516T-3 PN/DP, SIMATIC S7-1500 CPU 1516TF-3 PN/DP, SIMATIC S7-1500 CPU 1517-3 PN/DP, SIMATIC S7-1500 CPU 1517F-3 PN/DP, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN/DP, SIMATIC S7-1500 CPU 1517TF-3 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518F-4 PN/DP, SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-4 PN/DP, SIMATIC S7-1500 CPU 1518TF-4 PN/DP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN, SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN RAIL, SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL, SIPLUS S7-1500 CPU 1515R-2 PN, SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1517H-3 PN, SIPLUS S7-1500 CPU 1518-4 PN/DP, SIPLUS S7-1500 CPU 1518-4 PN/DP MFP, SIPLUS S7-1500 CPU 1518F-4 PN/DP, SIPLUS S7-1500 CPU 1518HF-4 PN, SIPLUS TIM 1531 IRC, TIM 1531 IRC. Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-44694
CVE-2022-41684A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause a read of arbitrary memory address which can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-41684
CVE-2022-3857A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-3857
CVE-2023-1076A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-1076
CVE-2023-25722A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access of the Jenkins remote) to discover Veracode API credentials by listing the process and its arguments. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs and when the "Connect using proxy" option is enabled and configured with proxy credentials, allows local users of the Jenkins remote to discover proxy credentials by listing the process and its arguments. Veracode Azure DevOps Extension before 3.20.0 invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access to the Azure DevOps Services cloud infrastructure or Azure DevOps Server) to discover Veracode API credentials by listing the process and its arguments. Veracode Azure DevOps Extension before 3.20.0, when configured with proxy credentials, allows users (with shell access to the Azure DevOps Services cloud infrastructure or Azure DevOps Server) to discover proxy credentials by listing the process and its arguments.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-25722
CVE-2023-1550Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security Monitoring.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-1550
CVE-2022-28308This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16307.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-28308
CVE-2022-28309This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16308.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-28309
CVE-2022-28312This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16342.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-28312
CVE-2022-28313This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16343.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-28313
CVE-2022-28645This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16470.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-28645
CVE-2022-37351This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17636.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-37351
CVE-2022-37352This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WMF files. Crafted data in a WMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17638.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-37352
CVE-2022-37353This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17637.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-37353
CVE-2022-37360This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17635.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-37360
CVE-2022-37361This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. Crafted data in a JP2 file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17674.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-37361
CVE-2022-37368This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17728.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-37368
CVE-2022-37370This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17725.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-37370
CVE-2022-37373This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17810.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-37373
CVE-2022-37375This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPC files. Crafted data in a JPC file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18069.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-37375
CVE-2022-37379This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AFSpecial_KeystrokeEx method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17168.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-37379
CVE-2022-37380This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ADBC objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17169.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-37380
CVE-2022-37382This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeIcon method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17383.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-37382
CVE-2022-37383This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17111.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-37383
CVE-2022-37386This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17550.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-37386
CVE-2022-43610This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16350.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-43610
CVE-2022-43611This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16351.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-43611
CVE-2022-43612This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16355.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-43612
CVE-2022-43615This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16370.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-43615
CVE-2022-43640This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18629.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-43640
CVE-2022-44368NASM v2.16 was discovered to contain a null pointer deference in the NASM component5.5https://nvd.nist.gov/vuln/detail/CVE-2022-44368
CVE-2022-44369NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-44369
CVE-2023-27538An authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-27538
CVE-2023-0187NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-0187
CVE-2023-0188NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-0188
CVE-2022-48228An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-48228
CVE-2023-27734An issue found in Eteran edb-debugger v.1.3.0 allows a local attacker to causea denial of service via the collect_symbols function in plugins/BinaryInfo/symbols.cpp.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-27734
CVE-2023-26974Irfanview v4.62 allows a user-mode write access violation via a crafted JPEG 2000 file starting at JPEG2000+0x0000000000001bf0.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-26974
CVE-2023-26083Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-26083
CVE-2023-28228Windows Spoofing Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28228
CVE-2023-28253Windows Kernel Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28253
CVE-2023-28263Visual Studio Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28263
CVE-2023-28266Windows Common Log File System Driver Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28266
CVE-2023-28271Windows Kernel Memory Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28271
CVE-2023-28298Windows Kernel Denial of Service Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28298
CVE-2023-28299Visual Studio Spoofing Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28299
CVE-2021-44225In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property5.4https://nvd.nist.gov/vuln/detail/CVE-2021-44225
CVE-2022-0020A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-0020
CVE-2022-25630An authenticated user can embed malicious content with XSS into the admin group policy page.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-25630
CVE-2022-46265A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof a Host header information and redirect users to malicious websites.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-46265
CVE-2022-41703A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag "ALLOW_ADHOC_SUBQUERY" disabled (default value). This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n\n\n5.4https://nvd.nist.gov/vuln/detail/CVE-2022-41703
CVE-2023-0024SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources, resulting in Cross-Site Scripting vulnerability.\n\n5.4https://nvd.nist.gov/vuln/detail/CVE-2023-0024
CVE-2023-0025SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources.\n\n5.4https://nvd.nist.gov/vuln/detail/CVE-2023-0025
CVE-2023-23851SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidentiality and integrity of the system.\n\n5.4https://nvd.nist.gov/vuln/detail/CVE-2023-23851
CVE-2023-23854SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.\n\n5.4https://nvd.nist.gov/vuln/detail/CVE-2023-23854
CVE-2023-23855SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or expose the user to a phishing attack. As a result, it has a low impact to confidentiality, integrity and availability.\n\n5.4https://nvd.nist.gov/vuln/detail/CVE-2023-23855
CVE-2023-24525SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.\n\n5.4https://nvd.nist.gov/vuln/detail/CVE-2023-24525
CVE-2023-0320Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Izmir Katip Celebi University UBYS allows Stored XSS.This issue affects UBYS: before 23.03.16.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-0320
CVE-2023-28158Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-28158
CVE-2023-27489Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS accepts SVG files uploaded by users which could potentially contain JavaScript code. If SVG images are viewed directly, i.e. not rendered in an HTML page, this JavaScript code could execute. This vulnerability has been fixed by configuring Kiwi TCMS to serve with the Content-Security-Policy HTTP header which blocks inline JavaScript in all modern browsers. This configuration change is provided in version 12.1 and users are advised to upgrade. Users unable to upgrade may set their Content-Security-Policy HTTP header manually.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-27489
CVE-2022-47602Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in JoomUnited WP Table Manager plugin <= 3.5.2 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-47602
CVE-2022-1274A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-1274
CVE-2023-23670Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Team Heateor Fancy Comments WordPress plugin <= 1.2.10 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-23670
CVE-2023-23681Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Labib Ahmed Image Hover Effects For WPBakery Page Builder plugin <= 4.0 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-23681
CVE-2023-24399Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.2 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-24399
CVE-2023-25040Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin <= 5.12.6 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-25040
CVE-2022-43473A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-43473
CVE-2023-1746A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to this vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-1746
CVE-2023-1755Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-1755
CVE-2023-1761Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.12.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-1761
CVE-2023-1774When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-1774
CVE-2023-1776Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-1776
CVE-2023-1796A vulnerability classified as problematic has been found in SourceCodester Employee Payslip Generator 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_position of the component Create News Handler. The manipulation of the argument name with the input --redacted-- leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-2247485.4https://nvd.nist.gov/vuln/detail/CVE-2023-1796
CVE-2023-1798A vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument typename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224750 is the identifier assigned to this vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-1798
CVE-2023-1799A vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. This affects an unknown part of the file login.php. The manipulation of the argument tag_tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224751.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-1799
CVE-2022-42452HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-42452
CVE-2023-26283IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-26283
CVE-2023-28669Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-28669
CVE-2023-28670Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-28670
CVE-2023-28678Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control report file contents.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-28678
CVE-2023-28679Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-28679
CVE-2023-0399The Image Over Image For WPBakery Page Builder WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-0399
CVE-2023-28836Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites with ModelAdmin enabled. For page, the vulnerability is in the "Choose a parent page" ModelAdmin view (`ChooseParentView`), available when managing pages via ModelAdmin. For documents, the vulnerability is in the ModelAdmin Inspect view (`InspectView`) when displaying document fields. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2. Site owners who are unable to upgrade to the new versions can disable or override the corresponding functionality.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-28836
CVE-2023-24724A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface (SASAdmin). For the product release, the reported version is 9.4_M2 and the fixed version is 9.4_M3. For the SAS release, the reported version is 9.4 TS1M2 and the fixed version is 9.4 TS1M3.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-24724
CVE-2020-36692A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-36692
CVE-2023-23685Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in RadiusTheme Portfolio – WordPress Portfolio plugin <= 2.8.10 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-23685
CVE-2023-23686Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.2 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-23686
CVE-2023-23878Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-23878
CVE-2023-23977Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments plugin <= 1.6.1 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-23977
CVE-2023-28848user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-28848
CVE-2020-19277Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via javascript code in the markdown editor.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-19277
CVE-2023-26536Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.05 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-26536
CVE-2023-28069Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-28069
CVE-2023-1756Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-1756
CVE-2023-1757Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-1757
CVE-2023-1758Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-1758
CVE-2023-1878Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-1878
CVE-2023-1879Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-1879
CVE-2023-1881Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-1881
CVE-2023-1882Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-1882
CVE-2023-1885Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-1885
CVE-2023-20131Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-20131
CVE-2023-20132Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-20132
CVE-2023-23815Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Jackson Multi-column Tag Map plugin <= 17.0.24 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-23815
CVE-2023-1726Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proliz OBS allows Stored XSS for an authenticated user.This issue affects OBS: before 23.04.01.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-1726
CVE-2019-13117In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.5.3https://nvd.nist.gov/vuln/detail/CVE-2019-13117
CVE-2019-13118In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.5.3https://nvd.nist.gov/vuln/detail/CVE-2019-13118
CVE-2020-11798A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-11798
CVE-2019-15993A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files.5.3https://nvd.nist.gov/vuln/detail/CVE-2019-15993
CVE-2022-25622A vulnerability has been identified in SIMATIC CFU DIQ, SIMATIC CFU PA, SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200AL IM157-1 PN, SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L, SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L, SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L, SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L, SIMATIC ET200ecoPN, DI 16x24VDC, M12-L, SIMATIC ET200ecoPN, DI 8x24VDC, M12-L, SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L, SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L, SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L, SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 MF HF, SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC PN/MF Coupler, SIMATIC PN/PN Coupler, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SINAMICS DCM, SINAMICS G110M, SINAMICS G115D, SINAMICS G120 (incl. SIPLUS variants), SINAMICS G130, SINAMICS G150, SINAMICS S110, SINAMICS S120 (incl. SIPLUS variants), SINAMICS S150, SINAMICS S210, SINAMICS V90, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS HCS4200 CIM4210, SIPLUS HCS4200 CIM4210C, SIPLUS HCS4300 CIM4310, SIPLUS NET PN/PN Coupler, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP. The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.\n\nThis could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-25622
CVE-2022-36296Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin <= 0.2.27 at WordPress allows unauthenticated post update/create/delete.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-36296
CVE-2022-39158A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Affected devices improperly handle partial HTTP requests which makes them vulnerable to slowloris attacks. \r\n\r\nThis could allow a remote attacker to create a denial of service condition that persists until the attack ends.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-39158
CVE-2022-36354A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-36354
CVE-2023-24526SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentiality of the data such that an unassigned user can read non-sensitive server data.\n\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-24526
CVE-2023-26460Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity\n\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-26460
CVE-2023-27268SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability., resulting in escalation of privileges.\n\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-27268
CVE-2023-27894SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to execute malicious requests, resulting in sensitive information disclosure. This causes limited impact on confidentiality of data.\n\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-27894
CVE-2022-36059matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This issue has been fixed in matrix-js-sdk 19.4.0 and users are advised to upgrade. Users unable to upgrade may mitigate this issue by redacting applicable events, waiting for the sync processor to store data, and restarting the client. Alternatively, redacting the applicable events and clearing all storage will often fix most perceived issues. In some cases, no workarounds are possible.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-36059
CVE-2022-36060matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered. This issue has been fixed in matrix-react-sdk 3.53.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-36060
CVE-2023-1663Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible. 5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)5.3https://nvd.nist.gov/vuln/detail/CVE-2023-1663
CVE-2023-1258Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-1258
CVE-2023-1777Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-1777
CVE-2022-3192Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-3192
CVE-2023-29140An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-29140
CVE-2023-1768Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-1768
CVE-2023-26437Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-26437
CVE-2023-1868The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin's cache.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-1868
CVE-2023-27464A vulnerability has been identified in Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.1), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.1), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.1.1). The affected versions of the module contain an observable response discrepancy issue that could allow an attacker to retrieve sensitive information.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-27464
CVE-2023-28828A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-28828
CVE-2023-28226Windows Enroll Engine Security Feature Bypass Vulnerability5.3https://nvd.nist.gov/vuln/detail/CVE-2023-28226
CVE-2023-21722.NET Framework Denial of Service Vulnerability5https://nvd.nist.gov/vuln/detail/CVE-2023-21722
CVE-2021-44693A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN, SIMATIC S7-1500 CPU 1510SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512SP F-1 PN, SIMATIC S7-1500 CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516T-3 PN/DP, SIMATIC S7-1500 CPU 1516TF-3 PN/DP, SIMATIC S7-1500 CPU 1517-3 PN/DP, SIMATIC S7-1500 CPU 1517F-3 PN/DP, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN/DP, SIMATIC S7-1500 CPU 1517TF-3 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518F-4 PN/DP, SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-4 PN/DP, SIMATIC S7-1500 CPU 1518TF-4 PN/DP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN, SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN RAIL, SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL, SIPLUS S7-1500 CPU 1515R-2 PN, SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1517H-3 PN, SIPLUS S7-1500 CPU 1518-4 PN/DP, SIPLUS S7-1500 CPU 1518-4 PN/DP MFP, SIPLUS S7-1500 CPU 1518F-4 PN/DP, SIPLUS S7-1500 CPU 1518HF-4 PN, SIPLUS TIM 1531 IRC, TIM 1531 IRC. Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device.4.9https://nvd.nist.gov/vuln/detail/CVE-2021-44693
CVE-2021-44695A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN, SIMATIC S7-1500 CPU 1510SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512SP F-1 PN, SIMATIC S7-1500 CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516T-3 PN/DP, SIMATIC S7-1500 CPU 1516TF-3 PN/DP, SIMATIC S7-1500 CPU 1517-3 PN/DP, SIMATIC S7-1500 CPU 1517F-3 PN/DP, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN/DP, SIMATIC S7-1500 CPU 1517TF-3 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518F-4 PN/DP, SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-4 PN/DP, SIMATIC S7-1500 CPU 1518TF-4 PN/DP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN, SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN RAIL, SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL, SIPLUS S7-1500 CPU 1515R-2 PN, SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1517H-3 PN, SIPLUS S7-1500 CPU 1518-4 PN/DP, SIPLUS S7-1500 CPU 1518-4 PN/DP MFP, SIPLUS S7-1500 CPU 1518F-4 PN/DP, SIPLUS S7-1500 CPU 1518HF-4 PN, SIPLUS TIM 1531 IRC, TIM 1531 IRC. Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device.4.9https://nvd.nist.gov/vuln/detail/CVE-2021-44695
CVE-2023-25615Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application.\n\n4.9https://nvd.nist.gov/vuln/detail/CVE-2023-25615
CVE-2023-26461SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. It allows the attacker to view sensitive data which is owned by certain privileges.\n\n4.9https://nvd.nist.gov/vuln/detail/CVE-2023-26461
CVE-2023-28277Windows DNS Server Information Disclosure Vulnerability4.9https://nvd.nist.gov/vuln/detail/CVE-2023-28277
CVE-2021-24489The Request a Quote WordPress plugin before 2.3.9 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.4.8https://nvd.nist.gov/vuln/detail/CVE-2021-24489
CVE-2022-2239The Request a Quote WordPress plugin before 2.3.9 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-2239
CVE-2023-23675Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catchsquare WP Smart Preloader plugin <= 1.15 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-23675
CVE-2023-1759Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-1759
CVE-2023-1760Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-1760
CVE-2023-1772A vulnerability was found in DataGear up to 4.5.1. It has been classified as problematic. This affects an unknown part of the component Diagram Type Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224673 was assigned to this vulnerability.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-1772
CVE-2023-26529Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DupeOff.Com DupeOff plugin <= 1.6 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-26529
CVE-2023-23821Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin <= 1.2 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-23821
CVE-2023-23870Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-23870
CVE-2023-1840The Sp*tify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-1840
CVE-2023-1869The YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-1869
CVE-2023-23981Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud Conversational Forms for ChatBot plugin <= 1.1.6 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-23981
CVE-2023-23982Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGear.Pro WPFrom Email plugin <= 1.8.8 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-23982
CVE-2023-23971Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin <= 1.1.81 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-23971
CVE-2023-23972Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin <= 0.8.39 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-23972
CVE-2023-25000HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.4.7https://nvd.nist.gov/vuln/detail/CVE-2023-25000
CVE-2023-1754Improper Input Validation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.4.7https://nvd.nist.gov/vuln/detail/CVE-2023-1754
CVE-2023-0194NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service.4.6https://nvd.nist.gov/vuln/detail/CVE-2023-0194
CVE-2022-42432This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nft_osf_eval function. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-18540.4.4https://nvd.nist.gov/vuln/detail/CVE-2022-42432
CVE-2023-28276Windows Group Policy Security Feature Bypass Vulnerability4.4https://nvd.nist.gov/vuln/detail/CVE-2023-28276
CVE-2022-2846The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in it.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-2846
CVE-2023-28336Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-28336
CVE-2023-20903This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers.Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a client on behalf of a user from that identity provider, the administrator of the UAA deactivates the identity provider from the UAA. It is expected that the UAA would reject a refresh token during a refresh token grant, but it does not (hence the vulnerability). It will continue to issue access tokens to request presenting such refresh tokens, as if the identity provider was still active. As a result, clients with refresh tokens issued through the deactivated identity provider would still have access to Cloud Foundry resources until their refresh token expires (which defaults to 30 days).4.3https://nvd.nist.gov/vuln/detail/CVE-2023-20903
CVE-2022-27597A vulnerability have been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allow remote authenticated users to get secret values. The vulnerabilities affect the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerabilities in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later4.3https://nvd.nist.gov/vuln/detail/CVE-2022-27597
CVE-2022-27598A vulnerability have been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allow remote authenticated users to get secret values. The vulnerabilities affect the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerabilities in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later4.3https://nvd.nist.gov/vuln/detail/CVE-2022-27598
CVE-2023-29137An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-29137
CVE-2023-28671A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-28671
CVE-2023-28673A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-28673
CVE-2023-28675A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-28675
CVE-2023-28834Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get the full data directory path of the Nextcloud server from an API endpoint. By itself this information is not problematic as it can also be guessed for most common setups, but it could speed up other unknown attacks in the future if the information is known. Nextcloud Server 24.0.6 and 25.0.4 and Nextcloud Enterprise Server 23.0.11, 24.0.6, and 25.0.4 contain patches for this issue. There are no known workarounds.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-28834
CVE-2022-4769Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4769
CVE-2022-4770Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4770
CVE-2023-0225A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-0225
CVE-2023-1866The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the clearKeys function. This makes it possible for unauthenticated attackers to reset the plugin's channel settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-1866
CVE-2023-1867The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-1867
CVE-2023-1870The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the saveLang function. This makes it possible for unauthenticated attackers to change the plugin's quick language translation settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-1870
CVE-2023-1871The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the deleteLang function. This makes it possible for unauthenticated attackers to reset the plugin's quick language translation settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-1871
CVE-2023-21729Remote Procedure Call Runtime Information Disclosure Vulnerability4.3https://nvd.nist.gov/vuln/detail/CVE-2023-21729
CVE-2023-28284Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability4.3https://nvd.nist.gov/vuln/detail/CVE-2023-28284
CVE-2021-3802A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability.4.2https://nvd.nist.gov/vuln/detail/CVE-2021-3802
CVE-2023-28301Microsoft Edge (Chromium-based) Tampering Vulnerability4.2https://nvd.nist.gov/vuln/detail/CVE-2023-28301
CVE-2023-28858redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4.3, and 4.5.3 were released (changing the behavior for pipeline operations); however, please see CVE-2023-28859 about addressing data leakage across AsyncIO connections in general.3.7https://nvd.nist.gov/vuln/detail/CVE-2023-28858
CVE-2023-28845Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they themselves are not members. It is recommended that the Nextcloud Talk is upgraded to 14.0.9 or 15.0.4. There are no known workarounds for this vulnerability.3.5https://nvd.nist.gov/vuln/detail/CVE-2023-28845
CVE-2022-41278A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-41278
CVE-2022-41279A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-41279
CVE-2022-41280A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-41280
CVE-2022-41287A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains divide by zero vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-41287
CVE-2022-41288A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-41288
CVE-2022-45484A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.9), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.5), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CCITT_G4Decode.dll contains an out of bounds read vulnerability when parsing a RAS file. An attacker can leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19056)3.3https://nvd.nist.gov/vuln/detail/CVE-2022-45484
CVE-2022-41977An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-41977
CVE-2023-1513A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-1513
CVE-2023-1075A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-1075
CVE-2022-37376This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Editor 11.1.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arrays. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16599.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-37376
CVE-2022-48435In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file3.3https://nvd.nist.gov/vuln/detail/CVE-2022-48435
CVE-2023-21807Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability3https://nvd.nist.gov/vuln/detail/CVE-2023-21807
CVE-2023-28646Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta information like sharer, sharees and activity of files. It is recommended that the Nextcloud Android app is upgraded to 3.24.1. There are no known workarounds for this vulnerability.2.4https://nvd.nist.gov/vuln/detail/CVE-2023-28646
CVE-2023-0195NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver2.4https://nvd.nist.gov/vuln/detail/CVE-2023-0195
CVE-2023-28840Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.https://nvd.nist.gov/vuln/detail/CVE-2023-28840
CVE-2023-28841Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. An iptables rule designates outgoing VXLAN datagrams with a VNI that corresponds to an encrypted overlay network for IPsec encapsulation. Encrypted overlay networks on affected platforms silently transmit unencrypted data. As a result, `overlay` networks may appear to be functional, passing traffic as expected, but without any of the expected confidentiality or data integrity guarantees. It is possible for an attacker sitting in a trusted position on the network to read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure. Thus, because many database protocols, internal APIs, etc. are not protected by a second layer of encryption, a user may use Swarm encrypted overlay networks to provide confidentiality, which due to this vulnerability this is no longer guaranteed. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to outgoing traffic at the Internet boundary in order to prevent unintentionally leaking unencrypted traffic over the Internet, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.https://nvd.nist.gov/vuln/detail/CVE-2023-28841
CVE-2023-28842Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. The `overlay` driver dynamically and lazily defines the kernel configuration for the VXLAN network on each node as containers are attached and detached. Routes and encryption parameters are only defined for destination nodes that participate in the network. The iptables rules that prevent encrypted overlay networks from accepting unencrypted packets are not created until a peer is available with which to communicate. Encrypted overlay networks silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. The implications of this can be quite dire, and GHSA-vwm3-crmr-xfxw should be referenced for a deeper exploration. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. In multi-node clusters, deploy a global ‘pause’ container for each encrypted overlay network, on every node. For a single-node cluster, do not use overlay networks of any sort. Bridge networks provide the same connectivity on a single node and have no multi-node features. The Swarm ingress feature is implemented using an overlay network, but can be disabled by publishing ports in `host` mode instead of `ingress` mode (allowing the use of an external load balancer), and removing the `ingress` network. If encrypted overlay networks are in exclusive use, block UDP port 4789 from traffic that has not been validated by IPSec.https://nvd.nist.gov/vuln/detail/CVE-2023-28842
CVE-2023-29003SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. While the implementation does a sufficient job in mitigating common CSRF attacks, prior to version 1.15.1, the protection can be bypassed by simply specifying a different `Content-Type` header value. If abused, this issue will allow malicious requests to be submitted from third-party domains, which can allow execution of operations within the context of the victim's session, and in extreme scenarios can lead to unauthorized access to users’ accounts. SvelteKit 1.15.1 updates the `is_form_content_type` function call in the CSRF protection logic to include `text/plain`. As additional hardening of the CSRF protection mechanism against potential method overrides, SvelteKit 1.15.1 is now performing validation on `PUT`, `PATCH` and `DELETE` methods as well. This latter hardening is only needed to protect users who have put in some sort of `?_method= override` feature themselves in their `handle` hook, so that the request that resolve sees could be `PUT`/`PATCH`/`DELETE` when the browser issues a `POST` request.https://nvd.nist.gov/vuln/detail/CVE-2023-29003
CVE-2023-0738OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html.https://nvd.nist.gov/vuln/detail/CVE-2023-0738
CVE-2023-0835markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user.https://nvd.nist.gov/vuln/detail/CVE-2023-0835
CVE-2023-29323ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.https://nvd.nist.gov/vuln/detail/CVE-2023-29323
CVE-2023-29374In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.https://nvd.nist.gov/vuln/detail/CVE-2023-29374
CVE-2023-25330A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer.https://nvd.nist.gov/vuln/detail/CVE-2023-25330
CVE-2023-20021Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.https://nvd.nist.gov/vuln/detail/CVE-2023-20021
CVE-2023-28632GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By modifying emails, the user can also receive sensitive data through GLPI notifications. Versions 9.5.13 and 10.0.7 contain a patch for this issue. As a workaround, account takeover can be prevented by deactivating all notifications related to `Forgotten password?` event. However, it will not prevent unauthorized modification of any user emails.https://nvd.nist.gov/vuln/detail/CVE-2023-28632
CVE-2022-43664A use-after-free vulnerability exists within the way Ichitaro Word Processor 2022, version 1.0.1.57600, processes protected documents. A specially crafted document can trigger reuse of freed memory, which can lead to further memory corruption and potentially result in arbitrary code execution. An attacker can provide a malicious document to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-43664
CVE-2022-45115A buffer overflow vulnerability exists in the Attribute Arena functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-45115
CVE-2023-1412An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user). After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\\Windows\\Installer. The vulnerability lies in the repair function of this MSI. ImpactAn unprivileged (non-admin) user can exploit this vulnerability to perform privileged operations with SYSTEM context, including deleting arbitrary files and reading arbitrary file content. This can lead to a variety of attacks, including the manipulation of system files and privilege escalation. PatchesA new installer with a fix that addresses this vulnerability was released in version 2023.3.381.0. While the WARP Client itself is not vulnerable (only the installer), users are encouraged to upgrade to the latest version and delete any older installers present in their systems.https://nvd.nist.gov/vuln/detail/CVE-2023-1412
CVE-2023-1788Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6.https://nvd.nist.gov/vuln/detail/CVE-2023-1788
CVE-2023-20022Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.https://nvd.nist.gov/vuln/detail/CVE-2023-20022
CVE-2023-22291An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which causes memory corruption. An attacker can provide a malicious file to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-22291
CVE-2023-22660A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 processes certain LayoutBox stream record types. A specially crafted document can cause a buffer overflow, leading to memory corruption, which can result in arbitrary code execution.To trigger this vulnerability, the victim would need to open a malicious, attacker-created document.https://nvd.nist.gov/vuln/detail/CVE-2023-22660
CVE-2023-28633GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery (SSRF). In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is triggered. This feature does not check safety or URLs. Versions 9.5.13 and 10.0.7 contain a patch for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-28633
CVE-2023-29389Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated" messages via CAN Injection, as exploited in the wild in (for example) July 2022.https://nvd.nist.gov/vuln/detail/CVE-2023-29389
CVE-2023-1883Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.https://nvd.nist.gov/vuln/detail/CVE-2023-1883
CVE-2023-1886Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.https://nvd.nist.gov/vuln/detail/CVE-2023-1886
CVE-2023-1887Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.https://nvd.nist.gov/vuln/detail/CVE-2023-1887
CVE-2023-28634GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-28634
CVE-2023-28636GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7.https://nvd.nist.gov/vuln/detail/CVE-2023-28636
CVE-2023-28639GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticated user opens the crafted link. This issue is fixed in versions 9.5.13 and 10.0.7.https://nvd.nist.gov/vuln/detail/CVE-2023-28639
CVE-2023-28838GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allow users with access rights to statistics or reports to extract all data from database and, in some cases, write a webshell on the server. Versions 9.5.13 and 10.0.7 contain a patch for this issue. As a workaround, remove `Assistance > Statistics` and `Tools > Reports` read rights from every user.https://nvd.nist.gov/vuln/detail/CVE-2023-28838
CVE-2023-28849GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.7 contains a patch for this issue. As a workaround, disable native inventory.https://nvd.nist.gov/vuln/detail/CVE-2023-28849
CVE-2023-28852GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versions 9.5.13 and 10.0.7 contain a patch for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-28852
CVE-2023-28855Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-28855
CVE-2023-29006The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the `ajax/dropdownContact.php` file from the plugin.https://nvd.nist.gov/vuln/detail/CVE-2023-29006
CVE-2022-4939THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to modify the membership registration form in a way that allows them to set the role for registration to that of any user including administrators. Once configured, the attacker can then register as an administrator.https://nvd.nist.gov/vuln/detail/CVE-2022-4939
CVE-2022-4940The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership details, changing renewal information, controlling membership approvals, and more.https://nvd.nist.gov/vuln/detail/CVE-2022-4940
CVE-2022-4941The WCFM Membership plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership details, changing renewal information, controlling membership approvals, and more, via a forged request granted they can trick a site's administrator into performing an action such as clicking on a link.https://nvd.nist.gov/vuln/detail/CVE-2022-4941
CVE-2023-0670Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image.https://nvd.nist.gov/vuln/detail/CVE-2023-0670
CVE-2023-1522SQL Injection in the Hardware Inventory report of Security Center 5.11.2.https://nvd.nist.gov/vuln/detail/CVE-2023-1522
CVE-2023-1838A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.https://nvd.nist.gov/vuln/detail/CVE-2023-1838
CVE-2023-20096A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by entering crafted text into various input fields within the web-based management interface. A successful exploit could allow the attacker to perform a stored XSS attack, which could allow the execution of scripts within the context of other users of the interface.https://nvd.nist.gov/vuln/detail/CVE-2023-20096
CVE-2023-20102A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to insufficient sanitization of user-provided data that is parsed into system memory. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the administrator user.https://nvd.nist.gov/vuln/detail/CVE-2023-20102
CVE-2023-20103A vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affected device. This vulnerability is due to insufficient validation of user input to the web interface. An attacker could exploit this vulnerability by uploading a crafted file to an affected device. A successful exploit could allow the attacker to execute code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.https://nvd.nist.gov/vuln/detail/CVE-2023-20103
CVE-2023-20117Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates to address these vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2023-20117
CVE-2023-20121Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.https://nvd.nist.gov/vuln/detail/CVE-2023-20121
CVE-2023-20122Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.https://nvd.nist.gov/vuln/detail/CVE-2023-20122
CVE-2023-20123A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows device. This vulnerability exists because session credentials do not properly expire. An attacker could exploit this vulnerability by replaying previously used multifactor authentication (MFA) codes to bypass MFA protection. A successful exploit could allow the attacker to gain unauthorized access to the affected device.https://nvd.nist.gov/vuln/detail/CVE-2023-20123
CVE-2023-20137Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2023-20137
CVE-2023-20138Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2023-20138
CVE-2023-20139Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2023-20139
CVE-2023-20140Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2023-20140
CVE-2023-20141Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2023-20141
CVE-2023-20142Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2023-20142
CVE-2023-20143Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2023-20143
CVE-2023-20144Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2023-20144
CVE-2023-20145Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2023-20145
CVE-2023-20146Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2023-20146
CVE-2023-20147Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2023-20147
CVE-2023-20148Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2023-20148
CVE-2023-20149Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2023-20149
CVE-2023-20150Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2023-20150
CVE-2023-20151Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2023-20151
CVE-2023-20153Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.https://nvd.nist.gov/vuln/detail/CVE-2023-20153
CVE-2023-28342Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.https://nvd.nist.gov/vuln/detail/CVE-2023-28342
CVE-2022-3375An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private.https://nvd.nist.gov/vuln/detail/CVE-2022-3375
CVE-2022-3513An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances running without strict CSP.https://nvd.nist.gov/vuln/detail/CVE-2022-3513
CVE-2023-0319An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing to read environment names supposed to be restricted to project memebers only.https://nvd.nist.gov/vuln/detail/CVE-2023-0319
CVE-2023-0523An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email address for certain instances.https://nvd.nist.gov/vuln/detail/CVE-2023-0523
CVE-2023-0842xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.https://nvd.nist.gov/vuln/detail/CVE-2023-0842
CVE-2023-0944Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain actions that can be performed by the user.https://nvd.nist.gov/vuln/detail/CVE-2023-0944
CVE-2023-0959Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF.https://nvd.nist.gov/vuln/detail/CVE-2023-0959
CVE-2023-0967Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user permissions with respect to certain actions the user can perform.https://nvd.nist.gov/vuln/detail/CVE-2023-0967
CVE-2023-1098An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration.https://nvd.nist.gov/vuln/detail/CVE-2023-1098
CVE-2023-1582A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2023-1582
CVE-2023-1733A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1.https://nvd.nist.gov/vuln/detail/CVE-2023-1733
CVE-2023-1782HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.https://nvd.nist.gov/vuln/detail/CVE-2023-1782
CVE-2023-1855A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.https://nvd.nist.gov/vuln/detail/CVE-2023-1855
CVE-2023-24720An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file.https://nvd.nist.gov/vuln/detail/CVE-2023-24720
CVE-2023-24747Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list.https://nvd.nist.gov/vuln/detail/CVE-2023-24747
CVE-2023-0450An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users.https://nvd.nist.gov/vuln/detail/CVE-2023-0450
CVE-2023-0838An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342.https://nvd.nist.gov/vuln/detail/CVE-2023-0838
CVE-2023-1071An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an issue from an epic.https://nvd.nist.gov/vuln/detail/CVE-2023-1071
CVE-2023-1167Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR.https://nvd.nist.gov/vuln/detail/CVE-2023-1167
CVE-2023-1417An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group.https://nvd.nist.gov/vuln/detail/CVE-2023-1417
CVE-2023-1708An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine.https://nvd.nist.gov/vuln/detail/CVE-2023-1708
CVE-2023-1710A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue.https://nvd.nist.gov/vuln/detail/CVE-2023-1710
CVE-2023-1787An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description.https://nvd.nist.gov/vuln/detail/CVE-2023-1787
CVE-2022-31888Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2.https://nvd.nist.gov/vuln/detail/CVE-2022-31888
CVE-2022-31889Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae.https://nvd.nist.gov/vuln/detail/CVE-2022-31889
CVE-2022-31890SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function.https://nvd.nist.gov/vuln/detail/CVE-2022-31890
CVE-2023-29415An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.https://nvd.nist.gov/vuln/detail/CVE-2023-29415
CVE-2023-29416An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.https://nvd.nist.gov/vuln/detail/CVE-2023-29416
CVE-2023-29418An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read.https://nvd.nist.gov/vuln/detail/CVE-2023-29418
CVE-2023-29419An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read.https://nvd.nist.gov/vuln/detail/CVE-2023-29419
CVE-2023-29420An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3_decode_block.https://nvd.nist.gov/vuln/detail/CVE-2023-29420
CVE-2023-29421An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block.https://nvd.nist.gov/vuln/detail/CVE-2023-29421
CVE-2023-23979Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23979
CVE-2023-23987Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEverest User Registration plugin <= 2.3.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23987
CVE-2023-25542Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.https://nvd.nist.gov/vuln/detail/CVE-2023-25542
CVE-2023-28046Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges.https://nvd.nist.gov/vuln/detail/CVE-2023-28046
CVE-2023-23980Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MailOptin Popup Builder Team MailOptin plugin <= 1.2.54.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23980
CVE-2023-23996Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.3 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23996
CVE-2023-23998Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikRentCar Car Rental Management System plugin <= 1.3.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23998
CVE-2023-24001Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.9 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24001
CVE-2023-24006Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Software LLC WP Terms Popup plugin <= 2.6.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24006
CVE-2023-1802In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.https://nvd.nist.gov/vuln/detail/CVE-2023-1802
CVE-2023-24002Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.3 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24002
CVE-2023-24003Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Timersys WP Popups – WordPress Popup plugin <= 2.1.4.8 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24003
CVE-2023-24004Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin <= 2.1.5 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24004
CVE-2023-0652Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.https://nvd.nist.gov/vuln/detail/CVE-2023-0652
CVE-2023-23898Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeThemes Blocksy Companion plugin <= 1.8.67 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23898
CVE-2023-24383Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Namaste! LMS plugin <= 2.5.9.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24383
CVE-2023-24387Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Organization chart plugin <= 1.4.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24387
CVE-2023-24403Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP For The Win bbPress Voting plugin <= 2.1.11.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24403
CVE-2023-24411Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kerry Kline BNE Testimonials plugin <= 2.0.7 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24411
CVE-2022-46793Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io Product Feed PRO for WooCommerce plugin <= 12.4.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-46793
CVE-2023-1908A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/categories/view_category.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225150 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-1908
CVE-2023-23801Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Simple Google Tag Manager plugin <= 1.0.6 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23801
CVE-2023-0750Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication. This would allow an attacker to : - Change the password, resulting in a DOS of the users - Change the streaming source, compromising the integrity of the stream - Change the streaming destination, compromising the confidentiality of the stream This issue affects Yellowbrik: PEC 1864. No patch has been issued by the manufacturer as this model was discontinued.https://nvd.nist.gov/vuln/detail/CVE-2023-0750
CVE-2023-23891Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.1 versions. Needs the OceanWP theme installed and activated.https://nvd.nist.gov/vuln/detail/CVE-2023-23891
CVE-2023-24374Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24374
CVE-2023-24378Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Codeat Glossary plugin <= 2.1.27 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24378
CVE-2023-24396Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.11 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24396
CVE-2023-25062Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.2.8 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25062
CVE-2020-36071SQL injection vulnerability found in Tailor Management System v.1 allows a remote authenticated attacker to execute arbitrary code via the customer parameter of the email.php page.https://nvd.nist.gov/vuln/detail/CVE-2020-36071
CVE-2020-36072SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the id parameter.https://nvd.nist.gov/vuln/detail/CVE-2020-36072
CVE-2020-36073SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the detail parameter of the document.php page.https://nvd.nist.gov/vuln/detail/CVE-2020-36073
CVE-2020-36074SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the title parameter.https://nvd.nist.gov/vuln/detail/CVE-2020-36074
CVE-2023-1912The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator accesses the plugin's settings page. This only works when the plugin prioritizes use of the X-FORWARDED-FOR header, which can be configured in its settings.https://nvd.nist.gov/vuln/detail/CVE-2023-1912
CVE-2023-1913The Maps Widget for Google Maps for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 4.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.https://nvd.nist.gov/vuln/detail/CVE-2023-1913
CVE-2023-22985Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (XSS) via Name, Referrer, Location, and Comments.https://nvd.nist.gov/vuln/detail/CVE-2023-22985
CVE-2022-46781An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0.https://nvd.nist.gov/vuln/detail/CVE-2022-46781
CVE-2023-24534HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.https://nvd.nist.gov/vuln/detail/CVE-2023-24534
CVE-2023-24536Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.https://nvd.nist.gov/vuln/detail/CVE-2023-24536
CVE-2023-24537Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.https://nvd.nist.gov/vuln/detail/CVE-2023-24537
CVE-2023-24538Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.https://nvd.nist.gov/vuln/detail/CVE-2023-24538
CVE-2023-0580Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13.https://nvd.nist.gov/vuln/detail/CVE-2023-0580
CVE-2023-29008The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. The protection is implemented at `kit/src/runtime/server/respond.js`. While the implementation does a sufficient job of mitigating common CSRF attacks, the protection can be bypassed in versions prior to 1.15.2 by simply specifying an upper-cased `Content-Type` header value. The browser will not send uppercase characters, but this check does not block all expected CORS requests. If abused, this issue will allow malicious requests to be submitted from third-party domains, which can allow execution of operations within the context of the victim's session, and in extreme scenarios can lead to unauthorized access to users’ accounts. This may lead to all POST operations requiring authentication being allowed in the following cases: If the target site sets `SameSite=None` on its auth cookie and the user visits a malicious site in a Chromium-based browser; if the target site doesn't set the `SameSite` attribute explicitly and the user visits a malicious site with Firefox/Safari with tracking protections turned off; and/or if the user is visiting a malicious site with a very outdated browser. SvelteKit 1.15.2 contains a patch for this issue. It is also recommended to explicitly set `SameSite` to a value other than `None` on authentication cookies especially if the upgrade cannot be done in a timely manner.https://nvd.nist.gov/vuln/detail/CVE-2023-29008
CVE-2023-29010Budibase is a low code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 (07 March 2023) are vulnerable to Server-Side Request Forgery. This can lead to an attacker gaining access to a Budibase AWS secret key. Users of Budibase cloud need to take no action. Self-host users who run Budibase on the public internet and are using a cloud provider that allows HTTP access to metadata information should ensure that when they deploy Budibase live, their internal metadata endpoint is not exposed.https://nvd.nist.gov/vuln/detail/CVE-2023-29010
CVE-2020-19678Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.https://nvd.nist.gov/vuln/detail/CVE-2020-19678
CVE-2022-32599In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460390; Issue ID: ALPS07460390.https://nvd.nist.gov/vuln/detail/CVE-2022-32599
CVE-2023-20652In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589135.https://nvd.nist.gov/vuln/detail/CVE-2023-20652
CVE-2023-20653In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589144.https://nvd.nist.gov/vuln/detail/CVE-2023-20653
CVE-2023-20654In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589148.https://nvd.nist.gov/vuln/detail/CVE-2023-20654
CVE-2023-20655In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022.https://nvd.nist.gov/vuln/detail/CVE-2023-20655
CVE-2023-20656In geniezone, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571494; Issue ID: ALPS07571494.https://nvd.nist.gov/vuln/detail/CVE-2023-20656
CVE-2023-20657In mtee, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571485; Issue ID: ALPS07571485.https://nvd.nist.gov/vuln/detail/CVE-2023-20657
CVE-2023-20658In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07537393; Issue ID: ALPS07180396.https://nvd.nist.gov/vuln/detail/CVE-2023-20658
CVE-2023-20659In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588413.https://nvd.nist.gov/vuln/detail/CVE-2023-20659
CVE-2023-20660In wlan, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588383; Issue ID: ALPS07588383.https://nvd.nist.gov/vuln/detail/CVE-2023-20660
CVE-2023-20661In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560782; Issue ID: ALPS07560782.https://nvd.nist.gov/vuln/detail/CVE-2023-20661
CVE-2023-20662In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560765; Issue ID: ALPS07560765.https://nvd.nist.gov/vuln/detail/CVE-2023-20662
CVE-2023-20663In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560741; Issue ID: ALPS07560741.https://nvd.nist.gov/vuln/detail/CVE-2023-20663
CVE-2023-20664In gz, there is a possible double free due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07505952; Issue ID: ALPS07505952.https://nvd.nist.gov/vuln/detail/CVE-2023-20664
CVE-2023-20665In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628604.https://nvd.nist.gov/vuln/detail/CVE-2023-20665
CVE-2023-20666In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310651; Issue ID: ALPS07292173.https://nvd.nist.gov/vuln/detail/CVE-2023-20666
CVE-2023-20670In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648710; Issue ID: ALPS07648710.https://nvd.nist.gov/vuln/detail/CVE-2023-20670
CVE-2023-20674In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588552.https://nvd.nist.gov/vuln/detail/CVE-2023-20674
CVE-2023-20675In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588569.https://nvd.nist.gov/vuln/detail/CVE-2023-20675
CVE-2023-20676In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07628518.https://nvd.nist.gov/vuln/detail/CVE-2023-20676
CVE-2023-20677In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588436.https://nvd.nist.gov/vuln/detail/CVE-2023-20677
CVE-2023-20679In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588453.https://nvd.nist.gov/vuln/detail/CVE-2023-20679
CVE-2023-20680In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664785; Issue ID: ALPS07664785.https://nvd.nist.gov/vuln/detail/CVE-2023-20680
CVE-2023-20681In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07696134; Issue ID: ALPS07696134.https://nvd.nist.gov/vuln/detail/CVE-2023-20681
CVE-2023-20682In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441605; Issue ID: ALPS07441605.https://nvd.nist.gov/vuln/detail/CVE-2023-20682
CVE-2023-20684In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671069; Issue ID: ALPS07671069.https://nvd.nist.gov/vuln/detail/CVE-2023-20684
CVE-2023-20685In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608575; Issue ID: ALPS07608575.https://nvd.nist.gov/vuln/detail/CVE-2023-20685
CVE-2023-20686In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570826; Issue ID: ALPS07570826.https://nvd.nist.gov/vuln/detail/CVE-2023-20686
CVE-2023-20687In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570772; Issue ID: ALPS07570772.https://nvd.nist.gov/vuln/detail/CVE-2023-20687
CVE-2023-20688In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441821; Issue ID: ALPS07441821.https://nvd.nist.gov/vuln/detail/CVE-2023-20688
CVE-2023-1918The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_callback function. This makes it possible for unauthenticated attackers to invoke a cache building action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.https://nvd.nist.gov/vuln/detail/CVE-2023-1918
CVE-2023-1919The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache-related settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.https://nvd.nist.gov/vuln/detail/CVE-2023-1919
CVE-2023-1920The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_purgecache_varnish_callback function. This makes it possible for unauthenticated attackers to purge the varnish cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.https://nvd.nist.gov/vuln/detail/CVE-2023-1920
CVE-2023-1921The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_start_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.https://nvd.nist.gov/vuln/detail/CVE-2023-1921
CVE-2023-1922The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_pause_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.https://nvd.nist.gov/vuln/detail/CVE-2023-1922
CVE-2023-1923The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_remove_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.https://nvd.nist.gov/vuln/detail/CVE-2023-1923
CVE-2023-1924The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_toolbar_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.https://nvd.nist.gov/vuln/detail/CVE-2023-1924
CVE-2023-1925The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_clear_cache_of_allsites_callback function. This makes it possible for unauthenticated attackers to clear caches via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.https://nvd.nist.gov/vuln/detail/CVE-2023-1925
CVE-2023-1926The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.https://nvd.nist.gov/vuln/detail/CVE-2023-1926
CVE-2023-29014The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A reflected cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could trick a user into following a specially crafted link to a Goobi viewer installation, resulting in the execution of malicious script code in the user's browser. The vulnerability has been fixed in version 23.03.https://nvd.nist.gov/vuln/detail/CVE-2023-29014
CVE-2023-29015The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment. The vulnerability has been fixed in version 23.03.https://nvd.nist.gov/vuln/detail/CVE-2023-29015
CVE-2023-29016The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when using nicknames. An attacker could create a user account and enter malicious scripts into their profile's nickname, resulting in the execution in the user's browser when displaying the nickname on certain pages. The vulnerability has been fixed in version 23.03.https://nvd.nist.gov/vuln/detail/CVE-2023-29016
CVE-2023-29017vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.15 of vm2. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2023-29017
CVE-2023-29465SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of a different user (who is running FlintQS).https://nvd.nist.gov/vuln/detail/CVE-2023-29465
CVE-2014-125094A vulnerability classified as problematic was found in phpMiniAdmin up to 1.8.120510. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.140405 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-225001 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2014-125094
CVE-2023-1927The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.https://nvd.nist.gov/vuln/detail/CVE-2023-1927
CVE-2023-1928The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiate cache creation.https://nvd.nist.gov/vuln/detail/CVE-2023-1928
CVE-2023-1929The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to purge the varnish cache.https://nvd.nist.gov/vuln/detail/CVE-2023-1929
CVE-2023-1930The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfc_clear_cache_of_allsites_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to delete caches.https://nvd.nist.gov/vuln/detail/CVE-2023-1930
CVE-2023-1931The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache deletion.https://nvd.nist.gov/vuln/detail/CVE-2023-1931
CVE-2023-29473webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23710.https://nvd.nist.gov/vuln/detail/CVE-2023-29473
CVE-2023-29474inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23552.https://nvd.nist.gov/vuln/detail/CVE-2023-29474
CVE-2023-29475inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23543.https://nvd.nist.gov/vuln/detail/CVE-2023-29475
CVE-2020-11935It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack.https://nvd.nist.gov/vuln/detail/CVE-2020-11935
CVE-2023-24797D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack overflow in the sub_48AC20 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-24797
CVE-2023-24798D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-24798
CVE-2023-24799D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-24799
CVE-2023-24800D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-24800
CVE-2023-25210Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-25210
CVE-2023-25211Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-25211
CVE-2023-25212Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetWirelessRepeat function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-25212
CVE-2023-25213Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the check_param_changed function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-25213
CVE-2023-25214Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-25214
CVE-2023-25215Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-25215
CVE-2023-25216Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-25216
CVE-2023-25217Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formWifiBasicSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-25217
CVE-2023-25218Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-25218
CVE-2023-25219Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-25219
CVE-2023-25220Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the add_white_node function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-25220
CVE-2023-27012Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27012
CVE-2023-27013Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27013
CVE-2023-27014Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27014
CVE-2023-27015Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27015
CVE-2023-27016Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27016
CVE-2023-27017Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC58 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27017
CVE-2023-27018Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27018
CVE-2023-27019Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27019
CVE-2023-27020Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27020
CVE-2023-27021Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27021
CVE-2023-26817codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vulnerability via the component /controllers/api/user.php.https://nvd.nist.gov/vuln/detail/CVE-2023-26817
CVE-2023-26820siteproxy v1.0 was discovered to contain a path traversal vulnerability via the component index.js.https://nvd.nist.gov/vuln/detail/CVE-2023-26820
CVE-2023-26848TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules.https://nvd.nist.gov/vuln/detail/CVE-2023-26848
CVE-2023-26978TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg.https://nvd.nist.gov/vuln/detail/CVE-2023-26978
CVE-2023-29478BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution.https://nvd.nist.gov/vuln/detail/CVE-2023-29478
CVE-2023-28051Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system.https://nvd.nist.gov/vuln/detail/CVE-2023-28051
CVE-2023-1937A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-225264.https://nvd.nist.gov/vuln/detail/CVE-2023-1937
CVE-2023-24402Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin <= 2.0.18 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24402
CVE-2023-25059Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin <= 3.0.3 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25059
CVE-2023-25061Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25061
CVE-2023-24398Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24398
CVE-2023-25046Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25046
CVE-2023-25022Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.8 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25022
CVE-2023-25023Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saleswonder.Biz Webinar ignition plugin <= 2.14.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25023
CVE-2023-25024Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Icegram Icegram Collect plugin <= 1.3.8 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25024
CVE-2023-25027Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Chained Quiz plugin <= 1.3.2.5 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25027
CVE-2023-23885Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23885
CVE-2023-23994Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcel Bootsman Auto Hide Admin Bar plugin <= 1.6.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23994
CVE-2023-25020Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25020
CVE-2023-25031Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25031
CVE-2023-25041Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Monolit theme <= 2.0.6 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25041
CVE-2023-25049Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25049
CVE-2023-25716Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu6bsiz Announce from the Dashboard plugin <= 1.5.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25716
CVE-2023-28993Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On Line plugin <= 4.6.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-28993
CVE-2023-29236Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Outdoor theme <= 3.9.6 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-29236
CVE-2022-34333IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698.https://nvd.nist.gov/vuln/detail/CVE-2022-34333
CVE-2023-25464Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StreamWeasels Twitch Player plugin <= 2.1.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25464
CVE-2023-25702Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25702
CVE-2023-25705Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Go Prayer WP Prayer plugin <= 1.9.6 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25705
CVE-2023-25711Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus WPGlobus Translate Options plugin <= 2.1.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25711
CVE-2023-25712Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-Buddy Google Analytics Opt-Out plugin <= 2.3.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25712
CVE-2023-25713Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25713
CVE-2023-29094Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.20 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-29094
CVE-2022-33959IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320.https://nvd.nist.gov/vuln/detail/CVE-2022-33959
CVE-2022-43914IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 241036.https://nvd.nist.gov/vuln/detail/CVE-2022-43914
CVE-2022-43928The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675.https://nvd.nist.gov/vuln/detail/CVE-2022-43928
CVE-2023-23799Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leonardo Giacone Easy Panorama plugin <= 1.1.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23799
CVE-2023-25442Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marcel Pol Zeno Font Resizer plugin <= 1.7.9 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25442
CVE-2023-27620Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.12 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-27620
CVE-2023-27801H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27801
CVE-2023-27802H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditvsList parameter at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27802
CVE-2023-27803H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27803
CVE-2023-27804H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27804
CVE-2023-27805H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27805
CVE-2023-27806H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27806
CVE-2023-27807H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27807
CVE-2023-27808H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27808
CVE-2023-27810H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27810
CVE-2023-27876IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249975.https://nvd.nist.gov/vuln/detail/CVE-2023-27876
CVE-2023-28706Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28706
CVE-2023-28707Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28707
CVE-2023-28710Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28710
CVE-2023-28781Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-28781
CVE-2023-28789Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-28789
CVE-2023-28792Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-28792
CVE-2023-29170Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin <= 2.2.12 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-29170
CVE-2023-29171Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Post Thumbnail plugin <= 4.1.10 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-29171
CVE-2023-29172Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-29172
CVE-2023-29388Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCode Product Catalog Simple plugin <= 1.6.17 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-29388
CVE-2023-1909A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225318 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-1909
CVE-2023-1940A vulnerability classified as critical was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This vulnerability affects unknown code of the file delete_user_query.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225316.https://nvd.nist.gov/vuln/detail/CVE-2023-1940
CVE-2023-1941A vulnerability, which was classified as critical, has been found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225317 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-1941
CVE-2023-1942A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225319.https://nvd.nist.gov/vuln/detail/CVE-2023-1942
CVE-2023-23761An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist’s URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.https://nvd.nist.gov/vuln/detail/CVE-2023-23761
CVE-2023-23762An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.https://nvd.nist.gov/vuln/detail/CVE-2023-23762
CVE-2022-43309Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions.https://nvd.nist.gov/vuln/detail/CVE-2022-43309
CVE-2023-1801The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet.https://nvd.nist.gov/vuln/detail/CVE-2023-1801
CVE-2023-27033Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent().https://nvd.nist.gov/vuln/detail/CVE-2023-27033
CVE-2023-27180GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php.https://nvd.nist.gov/vuln/detail/CVE-2023-27180
CVE-2023-1946A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input --redacted-- leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225329 was assigned to this vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2023-1946
CVE-2023-1947A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-1947
CVE-2023-24626socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.https://nvd.nist.gov/vuln/detail/CVE-2023-24626
CVE-2023-1948A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225335.https://nvd.nist.gov/vuln/detail/CVE-2023-1948
CVE-2023-1949A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file change-password.php of the component Change Password Handler. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225336.https://nvd.nist.gov/vuln/detail/CVE-2023-1949
CVE-2023-1950A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file password-recovery.php of the component Password Recovery. The manipulation of the argument emailid/contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225337 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-1950
CVE-2013-10023A vulnerability was found in Editorial Calendar Plugin up to 2.6. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql injection. The attack can be launched remotely. Upgrading to version 2.7 is able to address this issue. The name of the patch is a9277f13781187daee760b4dfd052b1b68e101cc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-225151.https://nvd.nist.gov/vuln/detail/CVE-2013-10023
CVE-2015-10098A vulnerability was found in Broken Link Checker Plugin up to 1.10.5. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152.https://nvd.nist.gov/vuln/detail/CVE-2015-10098
CVE-2023-1961A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/?page=system_info. The manipulation of the argument System Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225348.https://nvd.nist.gov/vuln/detail/CVE-2023-1961
CVE-2013-10024A vulnerability has been found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. The identifier VDB-225265 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2013-10024
CVE-2013-10025A vulnerability was found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. VDB-225266 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2013-10025
CVE-2023-30450rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches.https://nvd.nist.gov/vuln/detail/CVE-2023-30450
CVE-2012-10010A vulnerability was found in BestWebSoft Contact Form 3.21. It has been classified as problematic. This affects the function cntctfrm_settings_page of the file contact_form.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.22 is able to address this issue. The name of the patch is 8398d96ff0fe45ec9267d7259961c2ef89ed8005. It is recommended to upgrade the affected component. The identifier VDB-225321 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2012-10010
CVE-2014-125095A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The name of the patch is 4d531f74b4a801c805dc80360d4ea1312e9a278f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225320.https://nvd.nist.gov/vuln/detail/CVE-2014-125095
CVE-2023-1962A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225361 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-1962
CVE-2023-1963A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php of the component Search. The manipulation of the argument searchinput leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225359.https://nvd.nist.gov/vuln/detail/CVE-2023-1963
CVE-2023-1964A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. Affected is an unknown function of the file recovery.php of the component Password Reset. The manipulation of the argument uname/mobile leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225360.https://nvd.nist.gov/vuln/detail/CVE-2023-1964
CVE-2023-27727Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.https://nvd.nist.gov/vuln/detail/CVE-2023-27727
CVE-2023-27728Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.https://nvd.nist.gov/vuln/detail/CVE-2023-27728
CVE-2023-27729Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.https://nvd.nist.gov/vuln/detail/CVE-2023-27729
CVE-2023-27730Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.https://nvd.nist.gov/vuln/detail/CVE-2023-27730
CVE-2023-27718D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_498308 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27718
CVE-2023-27719D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_478360 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27719
CVE-2023-27720D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_48d630 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27720
CVE-2012-10011A vulnerability was found in HD FLV PLayer Plugin up to 1.7. It has been rated as critical. Affected by this issue is the function hd_add_media/hd_update_media of the file functions.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The name of the patch is 34d66b9f3231a0e2dc0e536a6fe615d736e863f7. It is recommended to upgrade the affected component. VDB-225350 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2012-10011
CVE-2009-10004A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has been classified as problematic. This affects the function sandbox_body_class of the file functions.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.6.1 is able to address this issue. The name of the patch is 8045b1e10970342f558b2c5f360e0bd135af2b10. It is recommended to upgrade the affected component. The identifier VDB-225357 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2009-10004
CVE-2012-10012A vulnerability has been found in BestWebSoft Facebook Like Button up to 2.13 and classified as problematic. Affected by this vulnerability is the function fcbk_bttn_plgn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is 33144ae5a45ed07efe7fceca901d91365fdbf7cb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225355.https://nvd.nist.gov/vuln/detail/CVE-2012-10012
CVE-2023-30456An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.https://nvd.nist.gov/vuln/detail/CVE-2023-30456
CVE-2014-125096A vulnerability was found in Fancy Gallery Plugin 1.5.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file class.options.php of the component Options Page. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.13 is able to address this issue. The name of the patch is fdf1f9e5a1ec738900f962e69c6fa4ec6055ed8d. It is recommended to upgrade the affected component. The identifier VDB-225349 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2014-125096
CVE-2014-125097A vulnerability, which was classified as problematic, was found in BestWebSoft Facebook Like Button up to 2.33. Affected is the function fcbkbttn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.34 is able to address this issue. The name of the patch is b766da8fa100779409a953f0e46c2a2448cbe99c. It is recommended to upgrade the affected component. VDB-225354 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2014-125097
CVE-2014-125098A vulnerability was found in Dart http_server up to 0.9.5 and classified as problematic. Affected by this issue is the function VirtualDirectory of the file lib/src/virtual_directory.dart of the component Directory Listing Handler. The manipulation of the argument request.uri.path leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.9.6 is able to address this issue. The name of the patch is 27c1cbd8125bb0369e675eb72e48218496e48ffb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225356.https://nvd.nist.gov/vuln/detail/CVE-2014-125098
CVE-2023-26120This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update.https://nvd.nist.gov/vuln/detail/CVE-2023-26120
CVE-2023-27602\n\n\nIn Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types.\n\n\nWe recommend users upgrade the version of Linkis to version 1.3.2. \n\nFor versions \n\n<=1.3.1, we suggest turning on the file path check switch in linkis.properties\n\n`wds.linkis.workspace.filesystem.owner.check=true`\n`wds.linkis.workspace.filesystem.path.check=true`https://nvd.nist.gov/vuln/detail/CVE-2023-27602
CVE-2023-27603\n\n\nIn Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability.\n\n\nWe recommend users upgrade the version of Linkis to version 1.3.2.\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-27603
CVE-2023-27987\nIn Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values.\n\n\n\n\nWe recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1]\n https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/token \n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-27987
CVE-2023-29215In Apache Linkis <=1.3.1, due to the lack of effective filtering\nof parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a\ndeserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected.\nWe recommend users upgrade the version of Linkis to version 1.3.2.\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29215
CVE-2023-29216\nIn Apache Linkis <=1.3.1, because the parameters are not\neffectively filtered, the attacker uses the MySQL data source and malicious parameters to\nconfigure a new data source to trigger a deserialization vulnerability, eventually leading to\nremote code execution.\n Versions of Apache Linkis <= 1.3.0 will be affected.\nWe recommend users upgrade the version of Linkis to version 1.3.2.\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29216
CVE-2021-45985In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.https://nvd.nist.gov/vuln/detail/CVE-2021-45985
CVE-2015-10099A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is e29a9cdbcb0f37d887dd302a05b9e8bf213da01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225351.https://nvd.nist.gov/vuln/detail/CVE-2015-10099
CVE-2023-26774An issue found in Sales Tracker Management System v.1.0 allows a remote attacker to access sensitive information via sales.php component of the admin/reports endpoint.https://nvd.nist.gov/vuln/detail/CVE-2023-26774
CVE-2020-36077SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the customer parameter of the orderadd.php filehttps://nvd.nist.gov/vuln/detail/CVE-2020-36077
CVE-2022-37462A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details.https://nvd.nist.gov/vuln/detail/CVE-2022-37462
CVE-2023-26788Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address.https://nvd.nist.gov/vuln/detail/CVE-2023-26788
CVE-2023-26860SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and before allow a remote attacker to gain privileges via the LgBudgetBudgetModuleFrontController::displayAjaxGenerateBudget component.https://nvd.nist.gov/vuln/detail/CVE-2023-26860
CVE-2022-39048ServiceNow Tokyo allows XSS.https://nvd.nist.gov/vuln/detail/CVE-2022-39048
CVE-2022-4827The WP Tiles WordPress plugin through 1.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attackshttps://nvd.nist.gov/vuln/detail/CVE-2022-4827
CVE-2023-0156The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access). The plugin only displays the last 50 lines of the file.https://nvd.nist.gov/vuln/detail/CVE-2023-0156
CVE-2023-0157The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page.https://nvd.nist.gov/vuln/detail/CVE-2023-0157
CVE-2023-0363The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.https://nvd.nist.gov/vuln/detail/CVE-2023-0363
CVE-2023-0422The Article Directory WordPress plugin through 1.3 does not properly sanitize the `publish_terms_text` setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts.https://nvd.nist.gov/vuln/detail/CVE-2023-0422
CVE-2023-0423The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminhttps://nvd.nist.gov/vuln/detail/CVE-2023-0423
CVE-2023-0546The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to the form or admins previewing or editing the form.https://nvd.nist.gov/vuln/detail/CVE-2023-0546
CVE-2023-0605The Auto Rename Media On Upload WordPress plugin before 1.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).https://nvd.nist.gov/vuln/detail/CVE-2023-0605
CVE-2023-0874The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).https://nvd.nist.gov/vuln/detail/CVE-2023-0874
CVE-2023-0893The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)https://nvd.nist.gov/vuln/detail/CVE-2023-0893
CVE-2023-0983The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form.https://nvd.nist.gov/vuln/detail/CVE-2023-0983
CVE-2023-1120The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)https://nvd.nist.gov/vuln/detail/CVE-2023-1120
CVE-2023-1121The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)https://nvd.nist.gov/vuln/detail/CVE-2023-1121
CVE-2023-1122The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)https://nvd.nist.gov/vuln/detail/CVE-2023-1122
CVE-2023-1406The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-1406
CVE-2023-1425The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg WordPress plugin before 2.7.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as adminshttps://nvd.nist.gov/vuln/detail/CVE-2023-1425
CVE-2023-1426The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post.https://nvd.nist.gov/vuln/detail/CVE-2023-1426
CVE-2023-1478The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module.https://nvd.nist.gov/vuln/detail/CVE-2023-1478
CVE-2023-24181LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm.https://nvd.nist.gov/vuln/detail/CVE-2023-24181
CVE-2023-25392Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Validation.https://nvd.nist.gov/vuln/detail/CVE-2023-25392
CVE-2022-41976An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user to change role (e.g., to administrator) by updating their user profile.https://nvd.nist.gov/vuln/detail/CVE-2022-41976
CVE-2023-1381The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code execution.https://nvd.nist.gov/vuln/detail/CVE-2023-1381
CVE-2023-29375An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector.https://nvd.nist.gov/vuln/detail/CVE-2023-29375
CVE-2023-29376An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries.https://nvd.nist.gov/vuln/detail/CVE-2023-29376
CVE-2023-1969A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file /admin/inventory/manage_stock.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225406 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-1969
CVE-2023-26919delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process.https://nvd.nist.gov/vuln/detail/CVE-2023-26919
CVE-2023-26986An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers to execute arbitrary commands on a victim host via user interaction with a crafted EML file sent to their OA mailbox.https://nvd.nist.gov/vuln/detail/CVE-2023-26986
CVE-2023-27650An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT_FILE parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-27650
CVE-2015-10100A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.11 is able to address this issue. The name of the patch is d0a19c6efcdc86d7093b369bc9e29a0629e57795. It is recommended to upgrade the affected component. The identifier VDB-225353 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2015-10100
CVE-2018-25084A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.1.3 is able to address this issue. The name of the patch is f64b10d63bb19ca2228b0c2d561a1a6e5a3bf251. It is recommended to upgrade the affected component. VDB-225362 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2018-25084
CVE-2022-32871A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar informationhttps://nvd.nist.gov/vuln/detail/CVE-2022-32871
CVE-2022-42858A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privilegeshttps://nvd.nist.gov/vuln/detail/CVE-2022-42858
CVE-2022-46703A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to read sensitive location informationhttps://nvd.nist.gov/vuln/detail/CVE-2022-46703
CVE-2022-46709A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16. An app may be able to execute arbitrary code with kernel privilegeshttps://nvd.nist.gov/vuln/detail/CVE-2022-46709
CVE-2022-46716A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. Private Relay functionality did not match system settingshttps://nvd.nist.gov/vuln/detail/CVE-2022-46716
CVE-2022-46717A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2. A user with physical access to a locked Apple Watch may be able to view user photos via accessibility featureshttps://nvd.nist.gov/vuln/detail/CVE-2022-46717
CVE-2023-26063Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type.https://nvd.nist.gov/vuln/detail/CVE-2023-26063
CVE-2023-26064Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write.https://nvd.nist.gov/vuln/detail/CVE-2023-26064
CVE-2023-26065Certain Lexmark devices through 2023-02-19 have an Integer Overflow.https://nvd.nist.gov/vuln/detail/CVE-2023-26065
CVE-2023-26066Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.https://nvd.nist.gov/vuln/detail/CVE-2023-26066
CVE-2023-26067Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).https://nvd.nist.gov/vuln/detail/CVE-2023-26067
CVE-2023-26068Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).https://nvd.nist.gov/vuln/detail/CVE-2023-26068
CVE-2023-26069Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4).https://nvd.nist.gov/vuln/detail/CVE-2023-26069
CVE-2023-26070Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4).https://nvd.nist.gov/vuln/detail/CVE-2023-26070
CVE-2023-26495An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2023-26495
CVE-2023-26466A user with non-Admin access can change a configuration file on the client to modify the Server URL.https://nvd.nist.gov/vuln/detail/CVE-2023-26466
CVE-2023-26773Cross Site Scripting vulnerability found in Sales Tracker Management System v.1.0 allows a remote attacker to gain privileges via the product list function in the Master.php file.https://nvd.nist.gov/vuln/detail/CVE-2023-26773
CVE-2023-27076Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-27076
CVE-2023-27178An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file.https://nvd.nist.gov/vuln/detail/CVE-2023-27178
CVE-2023-28093A user with a compromised configuration can start an unsigned binary as a service.https://nvd.nist.gov/vuln/detail/CVE-2023-28093
CVE-2023-29005Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`.https://nvd.nist.gov/vuln/detail/CVE-2023-29005
CVE-2023-1668A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.https://nvd.nist.gov/vuln/detail/CVE-2023-1668
CVE-2023-1916A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.https://nvd.nist.gov/vuln/detail/CVE-2023-1916
CVE-2023-24721A cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary web scripts or HTML.https://nvd.nist.gov/vuln/detail/CVE-2023-24721
CVE-2023-26467A man in the middle can redirect traffic to a malicious server in a compromised configuration.https://nvd.nist.gov/vuln/detail/CVE-2023-26467
CVE-2023-29192SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download links for games uploaded by other developers. This has been fixed in version 1.2.19.https://nvd.nist.gov/vuln/detail/CVE-2023-29192
CVE-2022-38604Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain an arbitrary file deletion vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-38604
CVE-2022-43293Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \\Wacom\\Wacom_Tablet.exe.https://nvd.nist.gov/vuln/detail/CVE-2022-43293
CVE-2023-24182LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js.https://nvd.nist.gov/vuln/detail/CVE-2023-24182
CVE-2023-27191An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the SharedPreference files.https://nvd.nist.gov/vuln/detail/CVE-2023-27191
CVE-2023-28340Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.https://nvd.nist.gov/vuln/detail/CVE-2023-28340
CVE-2023-28341Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page.https://nvd.nist.gov/vuln/detail/CVE-2023-28341
CVE-2023-1903SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-1903
CVE-2023-24527SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability and integrity.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-24527
CVE-2023-26458An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-26458
CVE-2023-27267Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-27267
CVE-2023-27497Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-27497
CVE-2023-27499SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click, the script supplied by the attacker will execute in the victim user's browser. The information from the victim's web browser can either be modified or read and sent to the attacker.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-27499
CVE-2023-27897In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can can have limited impact on confidentiality and integrity of non-critical user or application data and application availability.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-27897
CVE-2023-28761In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28761
CVE-2023-28763SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28763
CVE-2023-28765An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s passwords and depending on the privileges of the BI user, the attacker can perform operations that can completely compromise the application.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28765
CVE-2023-29108The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29108
CVE-2023-29109The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed. As a result, an attacker can cause limited impact on the confidentiality and integrity of the application.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29109
CVE-2023-29110The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attacker can inject images from the foreign domains. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29110
CVE-2023-29111The SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component. As a result, an attacker can cause a low impact on the confidentiality of the application.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29111
CVE-2023-29112The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29112
CVE-2023-29185SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29185
CVE-2023-29186In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient (administrative) privileges then potentially critical OS files can be overwritten making the system unavailable.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29186
CVE-2023-29187A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. A successful attack depends on various preconditions beyond the attackers control.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29187
CVE-2023-29189SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29189
CVE-2023-26121All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content.https://nvd.nist.gov/vuln/detail/CVE-2023-26121
CVE-2023-26122All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation.\rExploiting this vulnerability might result in remote code execution ("RCE").\r\r**Vulnerable functions:**\r\r__defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf().https://nvd.nist.gov/vuln/detail/CVE-2023-26122
CVE-2023-29492Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.https://nvd.nist.gov/vuln/detail/CVE-2023-29492
CVE-2023-22282WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service.https://nvd.nist.gov/vuln/detail/CVE-2023-22282
CVE-2023-22429Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials (API key for an external service), which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary.https://nvd.nist.gov/vuln/detail/CVE-2023-22429
CVE-2023-23572Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.https://nvd.nist.gov/vuln/detail/CVE-2023-23572
CVE-2023-23575Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).https://nvd.nist.gov/vuln/detail/CVE-2023-23575
CVE-2023-24464Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlierhttps://nvd.nist.gov/vuln/detail/CVE-2023-24464
CVE-2023-24544Improper access control vulnerability in Buffalo network devices allows a network-adjacent attacker to obtain specific files of the product. As a result, the product settings may be altered. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlierhttps://nvd.nist.gov/vuln/detail/CVE-2023-24544
CVE-2023-25755Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file. If a user of Screen Creator Advance 2 opens a specially crafted project file, information may be disclosed and/or arbitrary code may be executed.https://nvd.nist.gov/vuln/detail/CVE-2023-25755
CVE-2023-25950HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition.https://nvd.nist.gov/vuln/detail/CVE-2023-25950
CVE-2023-25955National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.https://nvd.nist.gov/vuln/detail/CVE-2023-25955
CVE-2023-26588Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlierhttps://nvd.nist.gov/vuln/detail/CVE-2023-26588
CVE-2023-26593CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user credentials where the affected product is installed, (2)CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and laterhttps://nvd.nist.gov/vuln/detail/CVE-2023-26593
CVE-2023-27389Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).https://nvd.nist.gov/vuln/detail/CVE-2023-27389
CVE-2023-27520Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.https://nvd.nist.gov/vuln/detail/CVE-2023-27520
CVE-2023-27917OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).https://nvd.nist.gov/vuln/detail/CVE-2023-27917
CVE-2023-28368TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained.https://nvd.nist.gov/vuln/detail/CVE-2023-28368
CVE-2023-1974Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8.https://nvd.nist.gov/vuln/detail/CVE-2023-1974
CVE-2023-1975Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8.https://nvd.nist.gov/vuln/detail/CVE-2023-1975
CVE-2023-1976Password Aging with Long Expiration in GitHub repository answerdev/answer prior to 1.1.0.https://nvd.nist.gov/vuln/detail/CVE-2023-1976
CVE-2022-47335In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.https://nvd.nist.gov/vuln/detail/CVE-2022-47335
CVE-2022-47336In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.https://nvd.nist.gov/vuln/detail/CVE-2022-47336
CVE-2022-47337In media service, there is a missing permission check. This could lead to local denial of service in media service.https://nvd.nist.gov/vuln/detail/CVE-2022-47337
CVE-2022-47338In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.https://nvd.nist.gov/vuln/detail/CVE-2022-47338
CVE-2022-47362In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.https://nvd.nist.gov/vuln/detail/CVE-2022-47362
CVE-2022-47463In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.https://nvd.nist.gov/vuln/detail/CVE-2022-47463
CVE-2022-47464In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.https://nvd.nist.gov/vuln/detail/CVE-2022-47464
CVE-2022-47465In vdsp service, there is a missing permission check. This could lead to local denial of service in vdsp service.https://nvd.nist.gov/vuln/detail/CVE-2022-47465
CVE-2022-47466In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.https://nvd.nist.gov/vuln/detail/CVE-2022-47466
CVE-2022-47467In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.https://nvd.nist.gov/vuln/detail/CVE-2022-47467
CVE-2022-47468In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.https://nvd.nist.gov/vuln/detail/CVE-2022-47468
CVE-2023-26917libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c.https://nvd.nist.gov/vuln/detail/CVE-2023-26917
CVE-2023-27179GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.https://nvd.nist.gov/vuln/detail/CVE-2023-27179
CVE-2023-27645An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters.https://nvd.nist.gov/vuln/detail/CVE-2023-27645
CVE-2023-0645An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit  https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159https://nvd.nist.gov/vuln/detail/CVE-2023-0645
CVE-2023-26964An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).https://nvd.nist.gov/vuln/detail/CVE-2023-26964
CVE-2023-28062\nDell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28062
CVE-2023-1552ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configuration file. Two CVSS scores have been provided to capture the differences between the two aforementioned attack vectors. \n\nCustomers are advised to update to ToolboxST 7.10 which can be found in ControlST 7.10. If unable to update at this time customers should ensure they are following the guidance laid out in GE Gas Power's Secure Deployment Guide (GEH-6839). Customers should ensure they are not running ToolboxST as an Administrative user. https://nvd.nist.gov/vuln/detail/CVE-2023-1552
CVE-2023-23277Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field.https://nvd.nist.gov/vuln/detail/CVE-2023-23277
CVE-2023-26845A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors.https://nvd.nist.gov/vuln/detail/CVE-2023-26845
CVE-2023-26846A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates.https://nvd.nist.gov/vuln/detail/CVE-2023-26846
CVE-2023-26847A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates.https://nvd.nist.gov/vuln/detail/CVE-2023-26847
CVE-2023-27192An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the key_wifi_safe_net_check_url, KEY_Cirus_scan_whitelist and KEY_AD_NEW_USER_AVOID_TIME parameters.https://nvd.nist.gov/vuln/detail/CVE-2023-27192
CVE-2023-30465Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and the ordering of the returned content using an SQL injection attack, an attacker can extract the username of the   user with ID 1 from the "user" table, one character at a time.  Users are advised to upgrade to Apache InLong's 1.6.0 or cherry-pick [1] to solve it.\n \n https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html \n\n[1] https://github.com/apache/inlong/issues/7529 https://github.com/apache/inlong/issues/7529 \n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30465
CVE-2022-3695\nHitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allow a malicious URL to inject content into a dashboard when the CDE plugin is present.   \n\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3695
CVE-2022-43770\nHitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API.   \n\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-43770
CVE-2022-27485A improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request.https://nvd.nist.gov/vuln/detail/CVE-2022-27485
CVE-2022-27487A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests.https://nvd.nist.gov/vuln/detail/CVE-2022-27487
CVE-2022-35850An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated attacker to trigger a reflected cross site scripting (XSS) attack via the "reset-password" page.https://nvd.nist.gov/vuln/detail/CVE-2022-35850
CVE-2022-40679An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.https://nvd.nist.gov/vuln/detail/CVE-2022-40679
CVE-2022-40682A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe.https://nvd.nist.gov/vuln/detail/CVE-2022-40682
CVE-2022-41330An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, version 6.4.0 through 6.4.11 and before 6.2.12 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.https://nvd.nist.gov/vuln/detail/CVE-2022-41330
CVE-2022-41331A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests.https://nvd.nist.gov/vuln/detail/CVE-2022-41331
CVE-2022-42469A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal.https://nvd.nist.gov/vuln/detail/CVE-2022-42469
CVE-2022-42470A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe.https://nvd.nist.gov/vuln/detail/CVE-2022-42470
CVE-2022-42477An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries.https://nvd.nist.gov/vuln/detail/CVE-2022-42477
CVE-2022-43946Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute commands via writing data into a windows pipe.https://nvd.nist.gov/vuln/detail/CVE-2022-43946
CVE-2022-43947An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions.https://nvd.nist.gov/vuln/detail/CVE-2022-43947
CVE-2022-43948A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions, FortiADC 6.0 all versions, FortiADC 5.4 all versions, FortiADC 5.3 all versions, FortiADC 5.2 all versions, FortiADC 5.1 all versions allows attacker to execute unauthorized code or commands via specifically crafted arguments to existing commands.https://nvd.nist.gov/vuln/detail/CVE-2022-43948
CVE-2022-43951An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests.https://nvd.nist.gov/vuln/detail/CVE-2022-43951
CVE-2022-43952An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC version 7.1.1 and below, version 7.0.3 and below, version 6.2.5 and below may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests.https://nvd.nist.gov/vuln/detail/CVE-2022-43952
CVE-2022-43955An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report.https://nvd.nist.gov/vuln/detail/CVE-2022-43955
CVE-2023-1983A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/products/manage_product.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225530 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-1983
CVE-2023-22635A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade.https://nvd.nist.gov/vuln/detail/CVE-2023-22635
CVE-2023-22641A url redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specially crafted requests.https://nvd.nist.gov/vuln/detail/CVE-2023-22641
CVE-2023-22642An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources.https://nvd.nist.gov/vuln/detail/CVE-2023-22642
CVE-2023-27995A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-27995
CVE-2020-19802File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the upload file type parameter.https://nvd.nist.gov/vuln/detail/CVE-2020-19802
CVE-2020-19803Cross Site Request Forgery vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the background system settings.https://nvd.nist.gov/vuln/detail/CVE-2020-19803
CVE-2020-24736Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script.https://nvd.nist.gov/vuln/detail/CVE-2020-24736
CVE-2021-46878An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file and trick the victim opening it using the affect software, triggering use-after-free and execute arbitrary code on the target system.https://nvd.nist.gov/vuln/detail/CVE-2021-46878
CVE-2021-46879An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and tick the victim to open the file with the software, triggering a heap overflow and execute arbitrary code on the target system.https://nvd.nist.gov/vuln/detail/CVE-2021-46879
CVE-2023-1939No access control for the OTP key \n\n on OTP entries\n\n in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface.https://nvd.nist.gov/vuln/detail/CVE-2023-1939
CVE-2023-1980Two factor \n\nauthentication\n\nbypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries.https://nvd.nist.gov/vuln/detail/CVE-2023-1980
CVE-2023-1984A vulnerability classified as critical was found in SourceCodester Complaint Management System 1.0. This vulnerability affects unknown code of the file /users/check_availability.php of the component POST Parameter Handler. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225532.https://nvd.nist.gov/vuln/detail/CVE-2023-1984
CVE-2023-1985A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. This issue affects the function save_brand of the file /classes/Master.php?f=save_brand. The manipulation of the argument name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225533 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-1985
CVE-2023-1986A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function delete_order of the file /classes/master.php?f=delete_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225534 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-1986
CVE-2023-1987A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is the function update_order_status of the file /classes/Master.php?f=update_order_status. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225535.https://nvd.nist.gov/vuln/detail/CVE-2023-1987
CVE-2023-1988A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=maintenance/brand. The manipulation of the argument Brand Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225536.https://nvd.nist.gov/vuln/detail/CVE-2023-1988
CVE-2020-9009The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number.https://nvd.nist.gov/vuln/detail/CVE-2020-9009
CVE-2022-46396An issue was discovered in the Arm Mali Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0.https://nvd.nist.gov/vuln/detail/CVE-2022-46396
CVE-2023-1989A use-after-free flaw was found in btsdio_remove in drivers\\bluetooth\\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.https://nvd.nist.gov/vuln/detail/CVE-2023-1989
CVE-2023-22612An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM.https://nvd.nist.gov/vuln/detail/CVE-2023-22612
CVE-2023-22614An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler.https://nvd.nist.gov/vuln/detail/CVE-2023-22614
CVE-2023-22615An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM.https://nvd.nist.gov/vuln/detail/CVE-2023-22615
CVE-2023-22808An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.https://nvd.nist.gov/vuln/detail/CVE-2023-22808
CVE-2023-24935Microsoft Edge (Chromium-based) Spoofing Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2023-24935
CVE-2023-25407Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to administrator credentials.https://nvd.nist.gov/vuln/detail/CVE-2023-25407
CVE-2023-25409Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users outlets.https://nvd.nist.gov/vuln/detail/CVE-2023-25409
CVE-2023-25411Aten PE8108 2.4.232 is vulnerable to Cross Site Request Forgery (CSRF).https://nvd.nist.gov/vuln/detail/CVE-2023-25411
CVE-2023-25413Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials.https://nvd.nist.gov/vuln/detail/CVE-2023-25413
CVE-2023-25414Aten PE8108 2.4.232 is vulnerable to denial of service (DOS).https://nvd.nist.gov/vuln/detail/CVE-2023-25414
CVE-2023-25415Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Event Notification configuration.https://nvd.nist.gov/vuln/detail/CVE-2023-25415
CVE-2023-26260OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent.https://nvd.nist.gov/vuln/detail/CVE-2023-26260
CVE-2023-26551mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop.https://nvd.nist.gov/vuln/detail/CVE-2023-26551
CVE-2023-26552mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point.https://nvd.nist.gov/vuln/detail/CVE-2023-26552
CVE-2023-26553mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number.https://nvd.nist.gov/vuln/detail/CVE-2023-26553
CVE-2023-26554mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\\0' character.https://nvd.nist.gov/vuln/detail/CVE-2023-26554
CVE-2023-26555praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write.https://nvd.nist.gov/vuln/detail/CVE-2023-26555
CVE-2023-28808Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.https://nvd.nist.gov/vuln/detail/CVE-2023-28808
CVE-2023-29576Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_TrunAtom::SetDataOffset(int) function in Ap4TrunAtom.h.https://nvd.nist.gov/vuln/detail/CVE-2023-29576
CVE-2023-22613An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption.https://nvd.nist.gov/vuln/detail/CVE-2023-22613
Tags
Bulletins
Share