Published on 26 Apr 2023 | Updated on 26 Apr 2023
SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.
The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:
Critical | vulnerabilities with a base score of 9.0 to 10.0 |
High | vulnerabilities with a base score of 7.0 to 8.9 |
Medium | vulnerabilities with a base score of 4.0 to 6.9 |
Low | vulnerabilities with a base score of 0.1 to 3.9 |
None | vulnerabilities with a base score of 0.0 |
For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2023-29199 | There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.16` of `vm2`.\n | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-29199 |
CVE-2015-8841 | Heap-based buffer overflow in the Archive support module in ESET NOD32 before update 11861 allows remote attackers to execute arbitrary code via a large number of languages in an EPOC installation file of type SIS_FILE_MULTILANG. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-8841 |
CVE-2018-0310 | A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product. The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overread condition, which could allow the attacker to obtain sensitive information from memory or cause a DoS condition on the affected product. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69957, CSCve02435, CSCve04859, CSCve41536, CSCve41538, CSCve41559. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-0310 |
CVE-2016-1000027 | Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-1000027 |
CVE-2021-38297 | Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38297 |
CVE-2021-42377 | An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42377 |
CVE-2021-44152 | An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44152 |
CVE-2021-35068 | Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35068 |
CVE-2022-22956 | VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22956 |
CVE-2021-30341 | Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30341 |
CVE-2021-35104 | Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35104 |
CVE-2022-22086 | Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22086 |
CVE-2022-22087 | memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22087 |
CVE-2022-34149 | Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34149 |
CVE-2022-34858 | Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34858 |
CVE-2022-22096 | Memory corruption in Bluetooth HOST due to stack-based buffer overflow when when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22096 |
CVE-2022-25657 | Memory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid seek header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25657 |
CVE-2022-25658 | Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25658 |
CVE-2022-25659 | Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25659 |
CVE-2022-25668 | Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25668 |
CVE-2022-25686 | Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25686 |
CVE-2022-25688 | Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25688 |
CVE-2022-25708 | Memory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon Mobile | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25708 |
CVE-2022-21797 | The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21797 |
CVE-2022-25687 | memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25687 |
CVE-2022-25720 | Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25720 |
CVE-2022-25748 | Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25748 |
CVE-2022-42245 | Dreamer CMS 4.0.01 is vulnerable to SQL Injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42245 |
CVE-2022-1471 | SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1471 |
CVE-2022-40514 | Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40514 |
CVE-2023-25358 | A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25358 |
CVE-2023-25360 | A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25360 |
CVE-2023-25361 | A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25361 |
CVE-2023-25362 | A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25362 |
CVE-2023-25363 | A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25363 |
CVE-2023-25690 | Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.\n\n\n\n\nConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstitution. For example, something like:\n\n\n\n\nRewriteEngine on\nRewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]\nProxyPassReverse /here/ http://example.com:8080/\n\n\nRequest splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.\n\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25690 |
CVE-2022-33256 | Memory corruption due to improper validation of array index in Multi-mode call processor. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33256 |
CVE-2022-40515 | Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40515 |
CVE-2022-40537 | Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40537 |
CVE-2023-28154 | Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28154 |
CVE-2022-2825 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2825 |
CVE-2023-25076 | A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25076 |
CVE-2023-27536 | An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27536 |
CVE-2023-27602 | \n\n\nIn Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types.\n\n\nWe recommend users upgrade the version of Linkis to version 1.3.2. \n\nFor versions \n\n<=1.3.1, we suggest turning on the file path check switch in linkis.properties\n\n`wds.linkis.workspace.filesystem.owner.check=true`\n`wds.linkis.workspace.filesystem.path.check=true` | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27602 |
CVE-2023-28489 | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter “Remote Operation” is enabled. The parameter is disabled by default.\r\nThe vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution on the device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28489 |
CVE-2023-27192 | An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the key_wifi_safe_net_check_url, KEY_Cirus_scan_whitelist and KEY_AD_NEW_USER_AVOID_TIME parameters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27192 |
CVE-2020-19802 | File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the upload file type parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-19802 |
CVE-2023-1984 | A vulnerability classified as critical was found in SourceCodester Complaint Management System 1.0. This vulnerability affects unknown code of the file /users/check_availability.php of the component POST Parameter Handler. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225532. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1984 |
CVE-2023-21554 | Microsoft Message Queuing Remote Code Execution Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21554 |
CVE-2023-23384 | Microsoft SQL Server Remote Code Execution Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23384 |
CVE-2023-28808 | Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28808 |
CVE-2023-27032 | Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups(). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27032 |
CVE-2023-28121 | An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28121 |
CVE-2022-25678 | Memory correction in modem due to buffer overwrite during coap connection | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25678 |
CVE-2022-25740 | Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25740 |
CVE-2022-25745 | Memory corruption in modem due to improper input validation while handling the incoming CoAP message | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25745 |
CVE-2022-33211 | memory corruption in modem due to improper check while calculating size of serialized CoAP message | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33211 |
CVE-2022-33259 | Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33259 |
CVE-2023-29598 | lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability via the setbook parameter at index.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29598 |
CVE-2023-27779 | AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability via the user parameter in the login form. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27779 |
CVE-2023-27667 | Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27667 |
CVE-2023-27746 | BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27746 |
CVE-2023-27748 | BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27748 |
CVE-2022-48468 | protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48468 |
CVE-2023-26918 | Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\\FileReplicationPro allows Everyone:(F) access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26918 |
CVE-2023-29622 | Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29622 |
CVE-2023-2037 | A vulnerability was found in Campcodes Video Sharing Website 1.0. It has been classified as critical. This affects an unknown part of the file watch.php. The manipulation of the argument code leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225915. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2037 |
CVE-2023-1863 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Computer Water Metering Software allows Command Line Execution through SQL Injection.This issue affects Water Metering Software: before 23.04.06.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1863 |
CVE-2023-2043 | A vulnerability, which was classified as problematic, was found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/customerdb/operator.svc/a of the component Edit Handler. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-225921 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2043 |
CVE-2022-47027 | Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized apps to overwrite arbitrary files in its internal storage via a dictionary traversal vulnerability and achieve arbitrary code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47027 |
CVE-2023-1617 | Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization.\nThis issue affects B&R VC4: from 3.* through 3.96.7, from 4.0* through 4.06.7, from 4.1* through 4.16.3, from 4.2* through 4.26.8, from 4.3* through 4.34.6, from 4.4* through 4.45.1, from 4.5* through 4.45.3, from 4.7* through 4.72.9.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1617 |
CVE-2023-27648 | Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows a remote attacker to execute arbitrary code via the dex file in the internal storage. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27648 |
CVE-2023-2050 | A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/positions_add.php. The manipulation of the argument description leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225935. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2050 |
CVE-2023-2051 | A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/positions_row.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225936. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2051 |
CVE-2023-2052 | A vulnerability classified as critical was found in Campcodes Advanced Online Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ballot_down.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225937 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2052 |
CVE-2022-45173 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the application into concluding that the TOTP was correct. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45173 |
CVE-2022-45174 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by passing any string as the backup code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45174 |
CVE-2023-1803 | Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1803 |
CVE-2023-1833 | Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1833 |
CVE-2023-29798 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29798 |
CVE-2023-29799 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29799 |
CVE-2023-29800 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29800 |
CVE-2023-29801 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29801 |
CVE-2023-29802 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29802 |
CVE-2023-29803 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29803 |
CVE-2023-29805 | WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29805 |
CVE-2023-2056 | A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the file module_main.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225941 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2056 |
CVE-2022-3748 | Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass.This issue affects Access Management: from 6.5.0 through 7.2.0.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3748 |
CVE-2023-27654 | An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a escalation of privileges via the TTMultiProvider component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27654 |
CVE-2023-2075 | A vulnerability classified as critical has been found in Campcodes Online Traffic Offense Management System 1.0. This affects an unknown part of the file /admin/offenses/view_details.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226053 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2075 |
CVE-2021-46880 | x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46880 |
CVE-2023-26463 | strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26463 |
CVE-2023-2027 | The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2027 |
CVE-2023-2092 | A vulnerability, which was classified as critical, has been found in SourceCodester Vehicle Service Management System 1.0. Affected by this issue is some unknown functionality of the file view_service.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226100. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2092 |
CVE-2023-2093 | A vulnerability, which was classified as critical, was found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226101 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2093 |
CVE-2023-2094 | A vulnerability has been found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/mechanics/manage_mechanic.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226102 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2094 |
CVE-2023-2095 | A vulnerability was found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226103. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2095 |
CVE-2023-2096 | A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/service_requests/manage_inventory.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226104. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2096 |
CVE-2023-2097 | A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226105 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2097 |
CVE-2022-2525 | Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2525 |
CVE-2023-2106 | Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2106 |
CVE-2023-2107 | A vulnerability, which was classified as critical, was found in IBOS 4.5.5. Affected is an unknown function of the file file/personal/del&op=recycle. The manipulation of the argument fids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226110 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2107 |
CVE-2018-17452 | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-17452 |
CVE-2022-34128 | The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34128 |
CVE-2021-33990 | Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33990 |
CVE-2023-2108 | A vulnerability has been found in SourceCodester Judging Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file edit_contestant.php. The manipulation of the argument contestant_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226147. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2108 |
CVE-2023-1723 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection.This issue affects Mobile Assistant: before 21.S.2343.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1723 |
CVE-2023-2144 | A vulnerability was found in Campcodes Online Thesis Archiving System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/departments/view_department.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226265 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2144 |
CVE-2023-2145 | A vulnerability was found in Campcodes Online Thesis Archiving System 1.0. It has been classified as critical. Affected is an unknown function of the file projects_per_curriculum.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226266 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2145 |
CVE-2023-2148 | A vulnerability classified as critical has been found in Campcodes Online Thesis Archiving System 1.0. This affects an unknown part of the file /admin/curriculum/view_curriculum.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226269 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2148 |
CVE-2023-2149 | A vulnerability classified as critical was found in Campcodes Online Thesis Archiving System 1.0. This vulnerability affects unknown code of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226270 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2149 |
CVE-2023-21096 | In OnWakelockReleased of attribution_processor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-254774758 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21096 |
CVE-2022-23806 | Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23806 |
CVE-2021-35088 | Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-35088 |
CVE-2021-35083 | Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-35083 |
CVE-2022-22062 | An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22062 |
CVE-2022-47931 | IO FinNet tss-lib before 2.0.0 allows a collision of hash values. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-47931 |
CVE-2022-2560 | This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-17481. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-2560 |
CVE-2022-2848 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-2848 |
CVE-2023-27812 | bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27812 |
CVE-2023-27830 | TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2023-27830 |
CVE-2023-29201 | XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped `--redacted--mmons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped `<script>` and `<style>`-tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like `<iframe>`. As a consequence, any code relying on this "restricted" mode for security is vulnerable to JavaScript injection ("cross-site scripting"/XSS). When a privileged user with programming rights visits such a comment in XWiki, the malicious JavaScript code is executed in the context of the user session. This allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. This problem has been patched in XWiki 14.6 RC1 with the introduction of a filter with allowed HTML elements and attributes that is enabled in restricted mode. There are no known workarounds apart from upgrading to a version including the fix | 9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29201 |
CVE-2023-29202 | XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter `content` was set to `true`. This allowed arbitrary HTML and in particular also JavaScript injection and thus cross-site scripting (XSS) by specifying an RSS feed with malicious content. With the interaction of a user with programming rights, this could be used to execute arbitrary actions in the wiki, including privilege escalation, remote code execution, information disclosure, modifying or deleting content and sabotaging the wiki. The issue has been patched in XWiki 14.6 RC1, the content of the feed is now properly cleaned before being displayed. As a workaround, if the RSS macro isn't used in the wiki, the macro can be uninstalled by deleting `WEB-INF/lib/xwiki-platform-rendering-macro-rss-XX.jar`, where `XX` is XWiki's version, in the web application's directory. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29202 |
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2017-12277 | A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. This vulnerability affects the following Cisco Firepower Security products running FX-OS code trains 1.1.3, 1.1.4, and 2.0.1 (versions 2.1.1, 2.2.1, and 2.2.2 are not affected): Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance. Cisco Bug IDs: CSCvb86863. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12277 |
CVE-2018-0303 | A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2 adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. This vulnerability affects the following if configured to use Cisco Discovery Protocol: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc22202, CSCvc22205, CSCvc22208, CSCvc88078, CSCvc88150, CSCvc88159, CSCvc88162, CSCvc88167. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-0303 |
CVE-2020-3172 | A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Note: This vulnerability is different from the following Cisco FXOS and NX-OS Software Cisco Discovery Protocol vulnerabilities that Cisco announced on Feb. 5, 2020: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3172 |
CVE-2021-1368 | A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted Cisco UDLD protocol packets to a directly connected, affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco UDLD process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. The attacker needs full control of a directly connected device. That device must be connected over a port channel that has UDLD enabled. To trigger arbitrary code execution, both the UDLD-enabled port channel and specific system conditions must exist. In the absence of either the UDLD-enabled port channel or the system conditions, attempts to exploit this vulnerability will result in a DoS condition. It is possible, but highly unlikely, that an attacker could control the necessary conditions for exploitation. The CVSS score reflects this possibility. However, given the complexity of exploitation, Cisco has assigned a Medium Security Impact Rating (SIR) to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1368 |
CVE-2021-35110 | Possible buffer overflow to improper validation of hash segment of file while allocating memory in Snapdragon Connectivity, Snapdragon Mobile | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35110 |
CVE-2021-35123 | Buffer copy in GATT multi notification due to improper length check for the data coming over-the-air in Snapdragon Connectivity, Snapdragon Industrial IOT | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35123 |
CVE-2021-40335 | A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This cause a Cross Site Request Forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unwanted operation on it without the knowledge of the legitimate user. An attacker, who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., link is sent per E-Mail, could perform harmful command on MSM through its web server interface. This issue affects: Hitachi Energy MSM V2.2 and prior versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40335 |
CVE-2021-40336 | A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an attacker to channel down harmful code into the user’s web browser, such as to steal the session cookies. Thus, an attacker who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., the link is sent per E-Mail, could trick the user into downloading malicious software onto his computer. This issue affects: Hitachi Energy MSM V2.2 and prior versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40336 |
CVE-2022-34883 | OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34883 |
CVE-2022-22088 | Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22088 |
CVE-2023-27490 | NextAuth.js is an open source authentication solution for Next.js applications. `next-auth` applications using OAuth provider versions before `v4.20.1` have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to **log in as the victim**, bypassing the CSRF protection. This is due to a partial failure during a compromised OAuth session where a session code is erroneously generated. This issue has been addressed in version 4.20.1. Users are advised to upgrade. Users unable to upgrade may using Advanced Initialization, manually check the callback request for state, pkce, and nonce against the provider configuration to prevent this issue. See the linked GHSA for details. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27490 |
CVE-2022-33213 | Memory corruption in modem due to buffer overflow while processing a PPP packet | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33213 |
CVE-2023-1532 | Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1532 |
CVE-2023-1534 | Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1534 |
CVE-2023-23355 | A vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated administrators to execute arbitrary commands via susceptible QNAP devices. The vulnerability affects the following QNAP operating systems:\nQTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR\nQES is not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2346 build 20230322 and later\nQuTS hero h5.0.1.2348 build 20230324 and later\nQuTS hero h4.5.4.2374 build 20230417 and later\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23355 |
CVE-2023-27533 | A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27533 |
CVE-2023-27534 | A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27534 |
CVE-2023-1406 | The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1406 |
CVE-2023-28205 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28205 |
CVE-2023-1976 | Password Aging with Long Expiration in GitHub repository answerdev/answer prior to 1.0.6. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1976 |
CVE-2020-19803 | Cross Site Request Forgery vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the background system settings. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-19803 |
CVE-2023-21727 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21727 |
CVE-2023-28297 | Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28297 |
CVE-2023-27826 | SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection. which allows attackers to take over the system with root privilege by abusing doSystem() function. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27826 |
CVE-2023-1874 | The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiple_roles_update function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wpda_role[]' parameter during a profile update. This requires the 'Enable role management' setting to be enabled for the site. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1874 |
CVE-2023-27216 | An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27216 |
CVE-2023-30525 | A cross-site request forgery (CSRF) vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30525 |
CVE-2022-33288 | Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33288 |
CVE-2023-29597 | bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29597 |
CVE-2023-22951 | An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22951 |
CVE-2023-2034 | Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2034 |
CVE-2023-29621 | Purchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29621 |
CVE-2023-29625 | Employee Performance Evaluation System v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29625 |
CVE-2023-29627 | Online Pizza Ordering v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29627 |
CVE-2023-2039 | A vulnerability was found in novel-plus 3.6.2. It has been rated as critical. This issue affects some unknown processing of the file /author/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225917 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2039 |
CVE-2023-2040 | A vulnerability classified as critical has been found in novel-plus 3.6.2. Affected is an unknown function of the file /news/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225918 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2040 |
CVE-2023-2041 | A vulnerability classified as critical was found in novel-plus 3.6.2. Affected by this vulnerability is an unknown functionality of the file /category/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2041 |
CVE-2023-2042 | A vulnerability, which was classified as problematic, has been found in DataGear up to 4.5.1. Affected by this issue is some unknown functionality of the component JDBC Server Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225920. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2042 |
CVE-2023-29584 | mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the MP4GetVideoProfileLevel function at /src/mp4.cpp. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29584 |
CVE-2022-45178 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A malicious user (already logged in as a SAML User) is able to achieve privilege escalation from a low-privilege user (FGM user) to an administrative user (GGU user), including the administrator, or create new users even without an admin role. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45178 |
CVE-2023-29804 | WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the sys_smb_pwdmod function. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29804 |
CVE-2023-29018 | The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on `open-feature-operator-controller-manager` to escalate the privileges of any SA in the cluster. The increased privileges could be used to modify cluster state, leading to DoS, or read sensitive data, including secrets. Version 0.2.32 mitigates this issue by restricting the resources the `open-feature-operator-controller-manager` can modify. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29018 |
CVE-2023-2033 | Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2033 |
CVE-2023-30535 | Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. The vulnerability was patched on March 17, 2023 as part of Snowflake JDBC driver Version 3.13.29. All users should immediately upgrade the Snowflake JDBC driver to the latest version: 3.13.29. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30535 |
CVE-2022-45030 | A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45030 |
CVE-2023-2089 | A vulnerability was found in SourceCodester Complaint Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/userprofile.php of the component GET Parameter Handler. The manipulation of the argument uid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226097 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2089 |
CVE-2023-2090 | A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is an unknown function of the file /admin/maintenance/view_designation.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226098 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2090 |
CVE-2023-2105 | Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2105 |
CVE-2023-29209 | XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the macro parameters of the legacy notification activity macro. This macro is installed by default in XWiki. The vulnerability can be exploited via every wiki page that is editable including the user's profile, but also with just view rights using the HTMLConverter that is part of the CKEditor integration which is bundled with XWiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10.\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29209 |
CVE-2023-29210 | XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the user parameter of the macro that provide the notification filters. These macros are used in the user profiles and thus installed by default in XWiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29210 |
CVE-2018-17451 | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-17451 |
CVE-2022-38841 | Linksys AX3200 1.1.00 is vulnerable to OS command injection by authenticated users via shell metacharacters to the diagnostics traceroute page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38841 |
CVE-2023-29509 | XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the `documentTree` macro parameters in This macro is installed by default in `FlamingoThemesCode.WebHome`. This page is installed by default. The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29509 |
CVE-2023-30474 | Cross-Site Request Forgery (CSRF) vulnerability in Kilian Evang Ultimate Noindex Nofollow Tool II plugin <= 1.3 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30474 |
CVE-2023-0765 | The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0765 |
CVE-2023-21085 | In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-264879662 | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21085 |
CVE-2017-3883 | A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS devices under the same conditions, which could cause the AAA process to unexpectedly restart or cause the device to reload. An attacker could exploit this vulnerability by performing a brute-force login attack against a device that is configured with AAA security services. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects the following Cisco products if they are running Cisco FXOS or NX-OS System Software that is configured for AAA services: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System (UCS) 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCuq58760, CSCuq71257, CSCur97432, CSCus05214, CSCux54898, CSCvc33141, CSCvd36971, CSCve03660. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2017-3883 |
CVE-2019-1858 | A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. The vulnerability is due to improper error handling when processing inbound SNMP packets. An attacker could exploit this vulnerability by sending multiple crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the SNMP application to leak system memory because of an improperly handled error condition during packet processing. Over time, this memory leak could cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-1858 |
CVE-2020-3517 | A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and could be remote or adjacent. For more information about the attack vector, see the Details section of this advisory. The vulnerability is due to insufficient error handling when the affected software parses Cisco Fabric Services messages. An attacker could exploit this vulnerability by sending malicious Cisco Fabric Services messages to an affected device. A successful exploit could allow the attacker to cause a reload of an affected device, which could result in a DoS condition. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-3517 |
CVE-2020-17354 | LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, safe mode is removed, and the product no longer tries to block code execution when external files are used. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-17354 |
CVE-2021-35134 | Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 8.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-35134 |
CVE-2023-21923 | Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Health Sciences InForm accessible data as well as unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21923 |
CVE-2023-28427 | matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-28427 |
CVE-2023-1668 | A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-1668 |
CVE-2023-21990 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-21990 |
CVE-2021-35535 | Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to application firmware booting, could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion 670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-35535 |
CVE-2021-30347 | Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-30347 |
CVE-2022-3964 | A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-3964 |
CVE-2022-3965 | A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-3965 |
CVE-2022-33268 | Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-33268 |
CVE-2022-48434 | libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used). | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-48434 |
CVE-2022-43770 | \nHitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API. \n\n | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-43770 |
CVE-2023-25409 | Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users outlets. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25409 |
CVE-2023-28268 | Netlogon RPC Elevation of Privilege Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28268 |
CVE-2018-1168 | This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-1168 |
CVE-2018-0302 | A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation in the CLI parser subsystem. An attacker could exploit this vulnerability by exceeding the expected length of user input. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61099, CSCvb86743. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-0302 |
CVE-2019-12699 | Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12699 |
CVE-2020-3167 | A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3167 |
CVE-2021-30308 | Possible buffer overflow while printing the HARQ memory partition detail due to improper validation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30308 |
CVE-2021-30311 | Possible heap overflow due to lack of index validation before allocating and writing to heap buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30311 |
CVE-2021-30319 | Possible integer overflow due to improper validation of command length parameters while processing WMI command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30319 |
CVE-2021-30318 | Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30318 |
CVE-2021-30322 | Possible out of bounds write due to improper validation of number of GPIOs configured in an internal parameters array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30322 |
CVE-2021-35069 | Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35069 |
CVE-2021-35074 | Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35074 |
CVE-2021-35075 | Possible null pointer dereference due to lack of WDOG structure validation during registration in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35075 |
CVE-2021-35077 | Possible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic process in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35077 |
CVE-2021-30333 | Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30333 |
CVE-2021-35103 | Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35103 |
CVE-2021-35105 | Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35105 |
CVE-2021-35106 | Possible out of bound read due to improper length calculation of WMI message. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35106 |
CVE-2022-22960 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22960 |
CVE-2021-30334 | Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30334 |
CVE-2021-30350 | Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30350 |
CVE-2021-35091 | Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35091 |
CVE-2021-35102 | Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35102 |
CVE-2021-35112 | A user with user level permission can access graphics protected region due to improper access control in register configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35112 |
CVE-2021-35126 | Memory corruption in DSP service due to improper validation of input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35126 |
CVE-2021-35129 | Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35129 |
CVE-2022-22057 | Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22057 |
CVE-2022-22082 | Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22082 |
CVE-2022-22084 | Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22084 |
CVE-2022-22085 | Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22085 |
CVE-2022-22090 | Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22090 |
CVE-2022-22059 | Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22059 |
CVE-2022-22061 | Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22061 |
CVE-2022-22067 | Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22067 |
CVE-2022-22070 | Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22070 |
CVE-2022-22066 | Memory corruption occurs while processing command received from HLOS due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22066 |
CVE-2022-22074 | Memory Corruption during wma file playback due to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22074 |
CVE-2022-22081 | Memory corruption in audio module due to integer overflow in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22081 |
CVE-2022-22089 | Memory corruption in audio while playing record due to improper list handling in two threads in Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22089 |
CVE-2022-22092 | Memory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22092 |
CVE-2022-25656 | Possible integer overflow and memory corruption due to improper validation of buffer size sent to write to console when computing the payload size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25656 |
CVE-2022-25693 | Memory corruption in graphics due to use-after-free while graphics profiling in Snapdragon Connectivity, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25693 |
CVE-2022-22077 | Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22077 |
CVE-2022-25660 | Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25660 |
CVE-2022-25661 | Memory corruption due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25661 |
CVE-2022-25723 | Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25723 |
CVE-2022-33217 | Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel. in Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33217 |
CVE-2022-25724 | Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25724 |
CVE-2022-25681 | Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25681 |
CVE-2022-25682 | Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25682 |
CVE-2022-25695 | Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25695 |
CVE-2022-25697 | Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25697 |
CVE-2022-25698 | Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25698 |
CVE-2022-25711 | Memory corruption in camera due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25711 |
CVE-2022-25746 | Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25746 |
CVE-2022-33266 | Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33266 |
CVE-2022-33276 | Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33276 |
CVE-2022-33300 | Memory corruption in Automotive Android OS due to improper input validation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33300 |
CVE-2022-40516 | Memory corruption in Core due to stack-based buffer overflow. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40516 |
CVE-2022-40520 | Memory corruption due to stack-based buffer overflow in Core | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40520 |
CVE-2022-3650 | A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3650 |
CVE-2022-33232 | Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33232 |
CVE-2022-33233 | Memory corruption due to configuration weakness in modem wile sending command to write protected files. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33233 |
CVE-2022-33243 | Memory corruption due to improper access control in Qualcomm IPC. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33243 |
CVE-2022-33248 | Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33248 |
CVE-2022-33277 | Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33277 |
CVE-2022-38396 | HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38396 |
CVE-2022-25694 | Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25694 |
CVE-2022-25705 | Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25705 |
CVE-2022-25709 | Memory corruption in modem due to use of out of range pointer offset while processing qmi msg | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25709 |
CVE-2022-33242 | Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33242 |
CVE-2022-33260 | Memory corruption due to stack based buffer overflow in core while sending command from USB of large size. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33260 |
CVE-2022-33278 | Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33278 |
CVE-2022-40530 | Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40530 |
CVE-2022-40531 | Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40531 |
CVE-2022-40540 | Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40540 |
CVE-2022-4095 | A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4095 |
CVE-2023-0386 | A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0386 |
CVE-2023-1393 | A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1393 |
CVE-2023-1579 | Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1579 |
CVE-2022-45115 | A buffer overflow vulnerability exists in the Attribute Arena functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45115 |
CVE-2023-22291 | An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which causes memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22291 |
CVE-2023-22660 | A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 processes certain LayoutBox stream record types. A specially crafted document can cause a buffer overflow, leading to memory corruption, which can result in arbitrary code execution.To trigger this vulnerability, the victim would need to open a malicious, attacker-created document. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22660 |
CVE-2023-26593 | CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user credentials where the affected product is installed, (2)CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26593 |
CVE-2023-26293 | A vulnerability has been identified in TIA Portal V15 (All versions), TIA Portal V16 (All versions), TIA Portal V17 (All versions), TIA Portal V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26293 |
CVE-2023-1552 | ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configuration file. Two CVSS scores have been provided to capture the differences between the two aforementioned attack vectors. \n\nCustomers are advised to update to ToolboxST 7.10 which can be found in ControlST 7.10. If unable to update at this time customers should ensure they are following the guidance laid out in GE Gas Power's Secure Deployment Guide (GEH-6839). Customers should ensure they are not running ToolboxST as an Administrative user. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1552 |
CVE-2023-23375 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23375 |
CVE-2023-28246 | Windows Registry Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28246 |
CVE-2023-28248 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28248 |
CVE-2023-28274 | Windows Win32k Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28274 |
CVE-2023-28291 | Raw Image Extension Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28291 |
CVE-2023-28292 | Raw Image Extension Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28292 |
CVE-2023-28293 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28293 |
CVE-2023-28296 | Visual Studio Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28296 |
CVE-2023-28304 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28304 |
CVE-2023-28311 | Microsoft Word Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28311 |
CVE-2023-1829 | A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.\nWe recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1829 |
CVE-2023-22616 | An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22616 |
CVE-2023-26395 | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26395 |
CVE-2023-26396 | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26396 |
CVE-2023-26405 | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26405 |
CVE-2023-26406 | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26406 |
CVE-2023-26407 | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26407 |
CVE-2023-26408 | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26408 |
CVE-2023-26417 | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26417 |
CVE-2023-26418 | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26418 |
CVE-2023-26419 | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26419 |
CVE-2023-26420 | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26420 |
CVE-2023-26421 | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Integer Underflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26421 |
CVE-2023-26422 | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26422 |
CVE-2023-26423 | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26423 |
CVE-2023-26424 | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26424 |
CVE-2023-26425 | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26425 |
CVE-2023-21582 | Adobe Digital Editions version 4.5.11.187303 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21582 |
CVE-2023-22235 | InCopy versions 18.1 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22235 |
CVE-2023-26383 | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26383 |
CVE-2023-26384 | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26384 |
CVE-2023-26388 | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26388 |
CVE-2023-26389 | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26389 |
CVE-2023-26390 | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26390 |
CVE-2023-26391 | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26391 |
CVE-2023-26392 | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26392 |
CVE-2023-26393 | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26393 |
CVE-2023-26394 | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26394 |
CVE-2023-26402 | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26402 |
CVE-2022-33231 | Memory corruption due to double free in core while initializing the encryption key. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33231 |
CVE-2022-33269 | Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33269 |
CVE-2022-33282 | Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video playback. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33282 |
CVE-2022-33296 | Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33296 |
CVE-2022-33298 | Memory corruption due to use after free in Modem while modem initialization. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33298 |
CVE-2022-33301 | Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to AGM. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33301 |
CVE-2022-33302 | Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33302 |
CVE-2022-40532 | Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40532 |
CVE-2023-21630 | Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21630 |
CVE-2023-30630 | Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30630 |
CVE-2023-24509 | On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24509 |
CVE-2023-26398 | Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26398 |
CVE-2023-26409 | Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26409 |
CVE-2023-26410 | Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26410 |
CVE-2023-26411 | Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26411 |
CVE-2023-26412 | Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26412 |
CVE-2023-26413 | Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26413 |
CVE-2023-26414 | Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26414 |
CVE-2023-26415 | Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26415 |
CVE-2023-26416 | Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26416 |
CVE-2023-1326 | A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1326 |
CVE-2023-29491 | ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29491 |
CVE-2023-27193 | An issue found in DUALSPACE v.1.1.3 allows a local attacker to gain privileges via the key_ad_new_user_avoid_time field. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27193 |
CVE-2023-27651 | An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges via the update_info field of the _default_.xml file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27651 |
CVE-2023-27912 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27912 |
CVE-2023-27913 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to cause an Integer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data, or execute arbitrary code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27913 |
CVE-2023-27914 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to write beyond the allocated buffer causing a Stack Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27914 |
CVE-2023-27915 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27915 |
CVE-2023-29067 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29067 |
CVE-2023-2008 | A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2008 |
CVE-2023-22669 | Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22669 |
CVE-2023-22670 | A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22670 |
CVE-2023-2091 | A vulnerability classified as critical was found in KylinSoft youker-assistant. Affected by this vulnerability is the function adjust_cpufreq_scaling_governer. The manipulation leads to os command injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.4.13 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226099. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2091 |
CVE-2023-25010 | A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25010 |
CVE-2023-27906 | A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27906 |
CVE-2023-27907 | A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds write vulnerability which may result in code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27907 |
CVE-2023-21948 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Core). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21948 |
CVE-2023-21987 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21987 |
CVE-2023-21086 | In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-238298970 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21086 |
CVE-2023-21088 | In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-235823542 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21088 |
CVE-2023-21089 | In startInstrumentation of ActivityManagerService.java, there is a possible way to keep the foreground service alive while the app is in the background. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237766679 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21089 |
CVE-2023-21098 | In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260567867 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21098 |
CVE-2023-21099 | In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-243377226 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21099 |
CVE-2023-21985 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H). | 7.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21985 |
CVE-2018-0298 | A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet directed to the physical management interface of an affected system. A successful exploit could allow the attacker to cause the process to crash and possibly reload the device, resulting in a denial of service (DoS) condition on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61398, CSCvb86799. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-0298 |
CVE-2018-0311 | A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could cause process crashes and result in a DoS condition on the device. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69960, CSCve02463, CSCve04859, CSCve41530, CSCve41537, CSCve41541, CSCve41557. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-0311 |
CVE-2019-1597 | Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets by an affected device. An attacker could exploit these vulnerabilities by sending an LDAP packet crafted using Basic Encoding Rules (BER) to an affected device. The LDAP packet must have a source IP address of an LDAP server configured on the targeted device. A successful exploit could cause the affected device to reload, resulting in a DoS condition. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75. Firepower 9300 Security Appliances are affected in versions prior to 2.0.1.201, 2.2.2.54 and 2.3.1.75. MDS 9000 Series Multilayer Switches are affected in versions prior to 8.2(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(1). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(2). Nexus 7000 and 7700 Series Switches are affected in versions prior to 8.2(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(1). Cisco UCS 6200 and 6300 Fabric Interconnect devices are affected in versions prior to 3.2(2b). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1597 |
CVE-2019-1598 | Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets by an affected device. An attacker could exploit these vulnerabilities by sending an LDAP packet crafted using Basic Encoding Rules (BER) to an affected device. The LDAP packet must have a source IP address of an LDAP server configured on the targeted device. A successful exploit could cause the affected device to reload, resulting in a DoS condition. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75. Firepower 9300 Security Appliances are affected in versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75. MDS 9000 Series Multilayer Switches are affected in versions prior to 8.2(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(1). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(2). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(20), 7.3(2)D1(1), and 8.2(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(1). UCS 6200 and 6300 Fabric Interconnect are affected in versions prior to 3.2(2b). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1598 |
CVE-2019-3883 | In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-3883 |
CVE-2019-13925 | A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-13925 |
CVE-2020-28367 | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-28367 |
CVE-2020-27827 | A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-27827 |
CVE-2021-27196 | Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7. Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-27196 |
CVE-2021-33196 | In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33196 |
CVE-2021-41771 | ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-41771 |
CVE-2021-35533 | Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35533 |
CVE-2021-44151 | An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cookie (cookie name) by first making a request to any page on the application (e.g., /goforms/menu) and saving the name of the cookie sent with the response. The attacker can then use the name of the cookie and try to request that same page, setting a random value for the cookie. If any user has an active session, the page should return with the authorized content, when a valid cookie value is hit. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44151 |
CVE-2021-44716 | net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44716 |
CVE-2021-30287 | Possible assertion due to improper validation of symbols configured for PDCCH monitoring in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30287 |
CVE-2021-30300 | Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice when processing the SRS configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30300 |
CVE-2021-30301 | Possible denial of service due to out of memory while processing RRC and NAS OTA message in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30301 |
CVE-2021-30307 | Possible denial of service due to improper validation of DNS response when DNS client requests with PTR, NAPTR or SRV query type in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30307 |
CVE-2021-30330 | Possible null pointer dereference due to improper validation of APE clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30330 |
CVE-2021-30353 | Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30353 |
CVE-2021-39293 | In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-39293 |
CVE-2021-30326 | Possible assertion due to improper size validation while processing the DownlinkPreemption IE in an RRC Reconfiguration/RRC Setup message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30326 |
CVE-2021-4091 | A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-4091 |
CVE-2022-24921 | regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24921 |
CVE-2022-0918 | A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0918 |
CVE-2021-30328 | Possible assertion due to improper validation of invalid NR CSI-IM resource configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30328 |
CVE-2021-30329 | Possible assertion due to improper validation of TCI configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30329 |
CVE-2021-30332 | Possible assertion due to improper validation of OTA configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30332 |
CVE-2022-28613 | A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER to reboot the device by sending a special crafted message. This issue affects: Hitachi Energy RTU500 series CMU Firmware 12.0.*; 12.2.*; 12.4.*; 12.6.*; 12.7.*; 13.2.*. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28613 |
CVE-2021-30340 | Reachable assertion due to improper validation of coreset in PDCCH configuration in SA mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30340 |
CVE-2021-30344 | Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30344 |
CVE-2021-35073 | Possible assertion due to improper validation of rank restriction field in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35073 |
CVE-2021-35076 | Possible null pointer dereference due to improper validation of RRC connection reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35076 |
CVE-2021-35078 | Possible memory leak due to improper validation of certificate chain length while parsing server certificate chain in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35078 |
CVE-2021-35086 | Possible buffer over read due to improper validation of SIB type when processing a NR system Information message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35086 |
CVE-2021-35087 | Possible null pointer access due to improper validation of system information message to be processed in Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35087 |
CVE-2021-35096 | Improper memory allocation during counter check DLM handling can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35096 |
CVE-2021-35100 | Possible buffer over read due to improper calculation of string length while parsing Id3 tag in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35100 |
CVE-2022-22064 | Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22064 |
CVE-2022-22065 | Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22065 |
CVE-2022-22083 | Denial of service due to memory corruption while extracting ape header from clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22083 |
CVE-2022-22091 | Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22091 |
CVE-2022-25669 | Denial of service in video due to buffer over read while parsing MP4 clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25669 |
CVE-2022-25670 | Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25670 |
CVE-2022-25690 | Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25690 |
CVE-2022-25706 | Information disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25706 |
CVE-2022-25662 | Information disclosure due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25662 |
CVE-2022-25736 | Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25736 |
CVE-2022-25749 | Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25749 |
CVE-2022-25671 | Denial of service in MODEM due to reachable assertion in Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25671 |
CVE-2022-25741 | Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25741 |
CVE-2022-33236 | Transient DOS due to buffer over-read in WLAN firmware while parsing cipher suite info attributes. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33236 |
CVE-2022-33237 | Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33237 |
CVE-2022-33239 | Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33239 |
CVE-2022-25672 | Denial of service in MODEM due to reachable assertion while processing SIB1 with invalid Bandwidth in Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25672 |
CVE-2022-25673 | Denial of service in MODEM due to reachable assertion while processing configuration from network in Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25673 |
CVE-2022-25685 | Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25685 |
CVE-2022-25691 | Denial of service in Modem due to reachable assertion while processing SIB1 with invalid SCS and bandwidth settings in Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25691 |
CVE-2022-25692 | Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25692 |
CVE-2022-25702 | Denial of service in modem due to reachable assertion while processing reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25702 |
CVE-2022-33235 | Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33235 |
CVE-2022-33238 | Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33238 |
CVE-2022-3109 | An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3109 |
CVE-2022-48279 | In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48279 |
CVE-2023-24021 | Incorrect handling of '\\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24021 |
CVE-2022-33271 | Information disclosure due to buffer over-read in WLAN while parsing NMF frame. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33271 |
CVE-2022-33306 | Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33306 |
CVE-2022-34145 | Transient DOS due to buffer over-read in WLAN Host while parsing frame information. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34145 |
CVE-2022-34146 | Transient DOS due to improper input validation in WLAN Host while parsing frame during defragmentation. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34146 |
CVE-2022-40502 | Transient DOS due to improper input validation in WLAN Host. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40502 |
CVE-2022-40512 | Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40512 |
CVE-2022-40513 | Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non qos state. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40513 |
CVE-2022-3353 | A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections. Already existing/established client-server connections are not affected. List of affected CPEs: * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:* | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3353 |
CVE-2022-41723 | A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41723 |
CVE-2023-27522 | HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.\n\nSpecial characters in the origin response header can truncate/split the response forwarded to the client.\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27522 |
CVE-2022-33244 | Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33244 |
CVE-2022-33250 | Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33250 |
CVE-2022-33254 | Transient DOS due to reachable assertion in Modem while processing SIB1 Message. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33254 |
CVE-2022-33272 | Transient DOS in modem due to reachable assertion. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33272 |
CVE-2022-33309 | Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33309 |
CVE-2022-40527 | Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40527 |
CVE-2023-27585 | PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27585 |
CVE-2023-1390 | A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1390 |
CVE-2023-27535 | An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27535 |
CVE-2023-28755 | A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28755 |
CVE-2023-28756 | A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28756 |
CVE-2022-36440 | A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36440 |
CVE-2023-27727 | Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27727 |
CVE-2023-27728 | Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27728 |
CVE-2023-27729 | Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27729 |
CVE-2023-27730 | Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27730 |
CVE-2022-43716 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43716 |
CVE-2022-43767 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43767 |
CVE-2022-43768 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43768 |
CVE-2023-28766 | A vulnerability has been identified in SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.40), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions < V9.40), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.40), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.40), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.40), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.40), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.40), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.40), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.40), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.40), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions < V9.40), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service.\r\nAn unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28766 |
CVE-2023-21769 | Microsoft Message Queuing Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21769 |
CVE-2023-24860 | Microsoft Defender Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24860 |
CVE-2023-28247 | Windows Network File System Information Disclosure Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28247 |
CVE-2023-28300 | Azure Service Connector Security Feature Bypass Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28300 |
CVE-2023-28302 | Microsoft Message Queuing Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28302 |
CVE-2023-30513 | Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30513 |
CVE-2023-30514 | Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30514 |
CVE-2023-30515 | Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30515 |
CVE-2023-24513 | On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24513 |
CVE-2023-1992 | RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1992 |
CVE-2023-24511 | On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24511 |
CVE-2023-24545 | On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24545 |
CVE-2023-22620 | An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22620 |
CVE-2022-25726 | Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25726 |
CVE-2022-25730 | Information disclosure in modem due to improper check of IP type while processing DNS server query | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25730 |
CVE-2022-25731 | Information disclosure in modem due to buffer over-read while processing packets from DNS server | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25731 |
CVE-2022-25737 | Information disclosure in modem due to missing NULL check while reading packets received from local network | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25737 |
CVE-2022-25739 | Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25739 |
CVE-2022-25747 | Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25747 |
CVE-2022-33222 | Information disclosure due to buffer over-read while parsing DNS response packets in Modem. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33222 |
CVE-2022-33223 | Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33223 |
CVE-2022-33228 | Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33228 |
CVE-2022-33258 | Information disclosure due to buffer over-read in modem while reading configuration parameters. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33258 |
CVE-2022-33287 | Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33287 |
CVE-2022-33291 | Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33291 |
CVE-2022-33294 | Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33294 |
CVE-2022-33295 | Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33295 |
CVE-2022-40503 | Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40503 |
CVE-2023-27772 | libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at /client/client_control.c. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27772 |
CVE-2023-27747 | BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This vulnerability allows attackers to access sensitive information such as configurations and recordings. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27747 |
CVE-2023-30635 | TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error) upon an attempt to get a timestamp from the Placement Driver. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30635 |
CVE-2023-30636 | TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error, with RpcStatus UNAVAILABLE for "not leader") upon an attempt to start a node in a situation where the context deadline is exceeded | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30636 |
CVE-2023-30637 | Baidu braft 1.1.2 has a memory leak related to use of the new operator in example/atomic/atomic_server. NOTE: installations with brpc-0.14.0 and later are unaffected. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30637 |
CVE-2023-26969 | Atropim 1.5.26 is vulnerable to Directory Traversal. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26969 |
CVE-2023-29626 | Yoga Class Registration System 1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at /admin/login.php. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29626 |
CVE-2023-2035 | A vulnerability has been found in Campcodes Video Sharing Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file signup.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225913 was assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2035 |
CVE-2023-2036 | A vulnerability was found in Campcodes Video Sharing Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file upload.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225914 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2036 |
CVE-2023-2038 | A vulnerability was found in Campcodes Video Sharing Website 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin_class.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225916. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2038 |
CVE-2023-2047 | A vulnerability was found in Campcodes Advanced Online Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument voter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225932. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2047 |
CVE-2023-2048 | A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/voters_row.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225933 was assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2048 |
CVE-2023-2049 | A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ballot_up.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225934 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2049 |
CVE-2023-26756 | The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26756 |
CVE-2023-27643 | An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a denial of service via the Rescan button in Queue and Select Folders button in Library | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27643 |
CVE-2023-27649 | SQL injection vulnerability found in Trusted Tools Free Music v.2.1.0.47, v.2.0.0.46, v.1.9.1.45, v.1.8.2.43 allows a remote attacker to cause a denial of service via the search history table | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27649 |
CVE-2023-27653 | An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service via the SharedPreference files. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27653 |
CVE-2023-2053 | A vulnerability, which was classified as critical, has been found in Campcodes Advanced Online Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/candidates_row.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225938 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2053 |
CVE-2023-2054 | A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. This affects an unknown part of the file /admin/positions_delete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225939. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2054 |
CVE-2023-29850 | SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29850 |
CVE-2023-29013 | Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29013 |
CVE-2023-2073 | A vulnerability was found in Campcodes Online Traffic Offense Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Login.php. The manipulation of the argument password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226051. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2073 |
CVE-2023-2074 | A vulnerability was found in Campcodes Online Traffic Offense Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226052. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2074 |
CVE-2023-29085 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP status line. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29085 |
CVE-2023-29086 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Min-SE header. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29086 |
CVE-2023-29087 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Retry-After header. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29087 |
CVE-2023-29088 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Session-Expires header. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29088 |
CVE-2023-29089 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding SIP multipart messages. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29089 |
CVE-2023-29090 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Via header. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29090 |
CVE-2023-29091 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP URI. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29091 |
CVE-2023-2004 | An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2004 |
CVE-2023-24607 | Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24607 |
CVE-2023-29208 | XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impact deleted documents that where containing view rights: the view rights provided on a space of a deleted document are properly checked. The problem has been patched in XWiki 14.10 by checking the rights of current user: only admin and deleter of the document are allowed to view it. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29208 |
CVE-2021-39295 | In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid (IPMI lan+) interface. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-39295 |
CVE-2018-15472 | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-15472 |
CVE-2018-17449 | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-17449 |
CVE-2018-17455 | An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals" feature. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-17455 |
CVE-2022-37255 | TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-37255 |
CVE-2022-38840 | cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file upload, which leads to local file disclosure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38840 |
CVE-2022-40946 | On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40946 |
CVE-2022-34126 | The Activity plugin before 3.1.1 for GLPI allows reading local files via directory traversal in the front/cra.send.php file parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34126 |
CVE-2022-34127 | The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34127 |
CVE-2021-36520 | A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via a evaluation/assign-evaluation?id= URI. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-36520 |
CVE-2023-22687 | Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin <= 1.9.4.0 versions. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22687 |
CVE-2022-43377 | \n\n\n\n\nA CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that\ncould cause account takeover when a brute force attack is performed on the account.\n\n\n\n Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0\n\n and prior) | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43377 |
CVE-2023-21912 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.41 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21912 |
CVE-2023-21931 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21931 |
CVE-2023-21964 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21964 |
CVE-2023-21979 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21979 |
CVE-2023-21996 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21996 |
CVE-2021-34714 | A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An attacker could exploit this vulnerability by sending specifically crafted UDLD packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. An attacker must have full control of a directly connected device. On Cisco IOS XR devices, the impact is limited to the reload of the UDLD process. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-34714 |
CVE-2023-29054 | A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default.\r\n\r\nThis could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data\r\npassed over the connection between legitimate clients and the affected device. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-29054 |
CVE-2023-21930 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-21930 |
CVE-2023-25950 | HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-25950 |
CVE-2018-9276 | An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-9276 |
CVE-2021-42378 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-42378 |
CVE-2021-42379 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-42379 |
CVE-2021-42380 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-42380 |
CVE-2021-42381 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-42381 |
CVE-2021-42382 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-42382 |
CVE-2021-42383 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-42383 |
CVE-2021-42384 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-42384 |
CVE-2021-42385 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-42385 |
CVE-2021-42386 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-42386 |
CVE-2021-35534 | Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal database tables, could allow anybody with user credentials to bypass security controls that is enforced by the product. Consequently, exploitation may lead to unauthorized modifications on data/firmware, and/or to permanently disabling the product. This issue affects: Hitachi Energy Relion 670 Series 2.0 all revisions; 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.5. Hitachi Energy Relion 670/650 Series 2.1 all revisions. 2.2.0 all revisions; 2.2.4 all revisions; Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions; 2.2.5 versions prior to 2.2.5.2. Hitachi Energy Relion 650 1.0 all revisions. 1.1 all revisions; 1.2 all revisions; 1.3 versions prior to 1.3.0.8; Hitachi Energy GMS600 1.3.0; 1.3.0.1; 1.2.0. Hitachi Energy PWC600 1.0.1 version 1.0.1.4 and prior versions; 1.1.0 version 1.1.0.1 and prior versions. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-35534 |
CVE-2022-22957 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-22957 |
CVE-2023-28254 | Windows DNS Server Remote Code Execution Vulnerability | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-28254 |
CVE-2022-47605 | Auth. SQL Injection') vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.7.0 versions. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-47605 |
CVE-2023-26852 | An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-26852 |
CVE-2023-20118 | A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device.\r\n\r This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device.\r\n\r Cisco has not and will not release software updates that address this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-20118 |
CVE-2023-29084 | Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-29084 |
CVE-2023-30638 | Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF 10 before 10R10.7.0 allow remote authenticated admins to inject commands. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-30638 |
CVE-2023-30459 | SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the administrator control panel on port 8101, by default). | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-30459 |
CVE-2023-27610 | Auth. (admin+) SQL Injection (SQLi) vulnerability in TransbankDevelopers Transbank Webpay REST plugin <= 1.6.6 versions. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-27610 |
CVE-2023-0277 | The WC Fields Factory WordPress plugin through 4.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-0277 |
CVE-2023-21932 | Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI). The supported version that is affected is 5.6. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L). | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-21932 |
CVE-2023-1731 | In LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.\n | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-1731 |
CVE-2021-35084 | Possible out of bound read due to lack of length check of data length for a DIAG event in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-35084 |
CVE-2021-35085 | Possible buffer overflow due to lack of buffer length check during management frame Rx handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-35085 |
CVE-2021-35116 | APK can load a crafted model into the CDSP which can lead to a compromise of CDSP and other APK`s data executing there in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-35116 |
CVE-2022-25665 | Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25665 |
CVE-2023-27647 | An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27647 |
CVE-2023-21980 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21980 |
CVE-2018-0842 | Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Kernel Elevation of Privilege Vulnerability". | 7 | https://nvd.nist.gov/vuln/detail/CVE-2018-0842 |
CVE-2018-15687 | A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2018-15687 |
CVE-2019-19921 | runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) | 7 | https://nvd.nist.gov/vuln/detail/CVE-2019-19921 |
CVE-2021-35095 | Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile | 7 | https://nvd.nist.gov/vuln/detail/CVE-2021-35095 |
CVE-2022-22093 | Memory corruption or temporary denial of service due to improper handling of concurrent hypervisor operations to attach or detach IRQs from virtual interrupt sources in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-22093 |
CVE-2022-22094 | memory corruption in Kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-22094 |
CVE-2022-25696 | Memory corruption in display due to time-of-check time-of-use race condition during map or unmap in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-25696 |
CVE-2022-33214 | Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-33214 |
CVE-2023-27561 | runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-27561 |
CVE-2022-33257 | Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-33257 |
CVE-2023-1989 | A use-after-free flaw was found in btsdio_remove in drivers\\bluetooth\\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-1989 |
CVE-2023-28273 | Windows Clip Service Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-28273 |
CVE-2023-1872 | A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation.\n\nThe io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered.\n\nWe recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.\n\n | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-1872 |
CVE-2023-26980 | PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-26980 |
CVE-2023-21896 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21896 |
CVE-2021-35108 | Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35108 |
CVE-2021-35109 | Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35109 |
CVE-2023-28249 | Windows Boot Manager Security Feature Bypass Vulnerability | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28249 |
CVE-2023-28269 | Windows Boot Manager Security Feature Bypass Vulnerability | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28269 |
CVE-2023-28270 | Windows Lock Screen Security Feature Bypass Vulnerability | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28270 |
CVE-2022-33289 | Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33289 |
CVE-2023-21918 | Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local SYSDBA privilege with network access via Oracle Net to compromise Oracle Database Recovery Manager. While the vulnerability is in Oracle Database Recovery Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Recovery Manager. CVSS 3.1 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21918 |
CVE-2023-21922 | Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Health Sciences InForm accessible data as well as unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21922 |
CVE-2023-21934 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N). | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21934 |
CVE-2018-0294 | A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affected software does not properly delete sensitive files when certain CLI commands are used to clear the device configuration and reload a device. An attacker could exploit this vulnerability by logging into an affected device as an administrative user and configuring an unauthorized account for the device. The account would not require a password for authentication and would be accessible only via a Secure Shell (SSH) connection to the device. A successful exploit could allow the attacker to configure an unauthorized account that has administrative privileges, does not require a password for authentication, and does not appear in the running configuration or the audit logs for the affected device. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3500 Platform Switches, Nexus 4000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd13993, CSCvd34845, CSCvd34857, CSCvd34862, CSCvd34879, CSCve35753. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2018-0294 |
CVE-2019-1779 | A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid device credentials to exploit this vulnerability. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2019-1779 |
CVE-2019-1795 | A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2019-1795 |
CVE-2019-1780 | A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. NX-OS versions prior to 8.3(1) are affected. NX-OS versions prior to 8.3(1) are affected. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2019-1780 |
CVE-2020-3166 | A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to a specific CLI command. A successful exploit could allow the attacker to read or write to arbitrary files on the underlying OS. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-3166 |
CVE-2020-3169 | A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-3169 |
CVE-2020-3545 | A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges. An attacker would need to have valid administrative credentials to exploit this vulnerability. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-3545 |
CVE-2021-35530 | A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-35530 |
CVE-2021-35531 | Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-35531 |
CVE-2021-35532 | A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-35532 |
CVE-2021-35092 | Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-35092 |
CVE-2021-35118 | An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-35118 |
CVE-2021-35120 | Improper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-35120 |
CVE-2021-35133 | Use after free in the synx driver issue while performing other functions during multiple invocation of synx release calls in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-35133 |
CVE-2022-25666 | Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-25666 |
CVE-2023-20015 | A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute unauthorized commands within the CLI. An attacker with Administrator privileges could also execute arbitrary commands on the underlying operating system of Cisco UCS 6400 and 6500 Series Fabric Interconnects with root-level privileges. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-20015 |
CVE-2023-21969 | Vulnerability in Oracle SQL Developer (component: Installation). Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle SQL Developer executes to compromise Oracle SQL Developer. Successful attacks of this vulnerability can result in takeover of Oracle SQL Developer. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21969 |
CVE-2023-28278 | Windows DNS Server Remote Code Execution Vulnerability | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-28278 |
CVE-2023-28305 | Windows DNS Server Remote Code Execution Vulnerability | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-28305 |
CVE-2023-28306 | Windows DNS Server Remote Code Execution Vulnerability | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-28306 |
CVE-2023-28307 | Windows DNS Server Remote Code Execution Vulnerability | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-28307 |
CVE-2023-28308 | Windows DNS Server Remote Code Execution Vulnerability | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-28308 |
CVE-2018-0331 | A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly validate certain fields within a Cisco Discovery Protocol message prior to processing it. An attacker with the ability to submit a Cisco Discovery Protocol message designed to trigger the issue could cause a DoS condition on an affected device while the device restarts. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc89242, CSCve40943, CSCve40953, CSCve40965, CSCve40970, CSCve40978, CSCve40992, CSCve41000, CSCve41007. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-0331 |
CVE-2019-12700 | A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultaneous successful Secure Shell (SSH) logins. A successful exploit could allow the attacker to exhaust system resources and cause the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker needs valid user credentials on the system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-12700 |
CVE-2019-14824 | A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14824 |
CVE-2020-3120 | A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-3120 |
CVE-2021-3514 | When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3514 |
CVE-2022-0108 | Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0108 |
CVE-2022-0996 | A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0996 |
CVE-2021-3652 | A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3652 |
CVE-2022-34882 | Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34882 |
CVE-2022-2850 | A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2850 |
CVE-2022-33255 | Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33255 |
CVE-2022-33283 | Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33283 |
CVE-2022-33284 | Information disclosure due to buffer over-read in WLAN while parsing BTM action frame. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33284 |
CVE-2022-33285 | Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33285 |
CVE-2022-33286 | Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33286 |
CVE-2023-25136 | OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25136 |
CVE-2023-23009 | Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23009 |
CVE-2023-0890 | The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or even password protected posts. It is also possible to leak the password of protected posts | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0890 |
CVE-2023-20861 | In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20861 |
CVE-2023-1801 | The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1801 |
CVE-2023-24626 | socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24626 |
CVE-2023-28093 | A user with a compromised configuration can start an unsigned binary as a service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28093 |
CVE-2023-1980 | Two factor \n\nauthentication\n\nbypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1980 |
CVE-2023-28267 | Remote Desktop Protocol Client Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28267 |
CVE-2023-28288 | Microsoft SharePoint Server Spoofing Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28288 |
CVE-2023-28312 | Azure Machine Learning Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28312 |
CVE-2023-30512 | CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30512 |
CVE-2023-28488 | client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28488 |
CVE-2023-0004 | A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges.\n\nThese files can include logs and system components that impact the integrity and availability of PAN-OS software. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0004 |
CVE-2023-30516 | Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by default. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30516 |
CVE-2023-30526 | A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30526 |
CVE-2023-30528 | Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30528 |
CVE-2023-30531 | Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for attackers to observe and capture it. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30531 |
CVE-2023-30532 | A missing permission check in Jenkins TurboScript Plugin 1.3 and earlier allows attackers with Item/Read permission to trigger builds of jobs corresponding to the attacker-specified repository. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30532 |
CVE-2023-1993 | LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1993 |
CVE-2023-1994 | GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1994 |
CVE-2023-22897 | An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22897 |
CVE-2023-20863 | In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20863 |
CVE-2023-20866 | In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20866 |
CVE-2022-45170 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45170 |
CVE-2022-45175 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a target file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45175 |
CVE-2022-45180 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdesk_{DOMAIN]/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system (an operation intended to only be available to the system administrator). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45180 |
CVE-2023-2101 | A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226109 was assigned to this vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2101 |
CVE-2019-14944 | An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14944 |
CVE-2022-34125 | front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34125 |
CVE-2023-0889 | Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, such as enabling registration and set the default role to administrator | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0889 |
CVE-2023-1274 | The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1274 |
CVE-2023-1331 | The Redirection WordPress plugin before 1.1.5 does not have CSRF checks in the uninstall action, which could allow attackers to make logged in admins delete all the redirections through a CSRF attack. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1331 |
CVE-2023-1371 | The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1371 |
CVE-2023-21909 | Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: UI Framework). Supported versions that are affected are 23.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel CRM accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21909 |
CVE-2023-21910 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web General). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21910 |
CVE-2023-21946 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21946 |
CVE-2023-21978 | Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: GUI). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21978 |
CVE-2023-21984 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Libraries). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21984 |
CVE-2023-21993 | Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications (component: Forms). The supported version that is affected is 5.4.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Clinical Remote Data Capture. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Clinical Remote Data Capture accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21993 |
CVE-2020-15858 | Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for customer Java applications, TLS and OTAP (Java over-the-air-provisioning) functionality. The affected products and releases are: BGS5 up to and including SW RN 02.000 / ARN 01.001.06 EHSx and PDSx up to and including SW RN 04.003 / ARN 01.000.04 ELS61 up to and including SW RN 02.002 / ARN 01.000.04 ELS81 up to and including SW RN 05.002 / ARN 01.000.04 PLS62 up to and including SW RN 02.000 / ARN 01.000.04 | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-15858 |
CVE-2021-30313 | Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-30313 |
CVE-2023-26555 | praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-26555 |
CVE-2023-23588 | A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application.\r\nA local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-23588 |
CVE-2023-0006 | A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0006 |
CVE-2021-34337 | An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-34337 |
CVE-2019-6585 | A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-6585 |
CVE-2021-24510 | The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-24510 |
CVE-2017-20119 | A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-20119 |
CVE-2023-23277 | Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-23277 |
CVE-2022-3695 | \nHitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allow a malicious URL to inject content into a dashboard when the CDE plugin is present. \n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-3695 |
CVE-2023-28313 | Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28313 |
CVE-2023-28314 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28314 |
CVE-2023-29623 | Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29623 |
CVE-2023-2044 | A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. This vulnerability affects unknown code of the component Dispositivos Page. The manipulation of the argument IP-DNS leads to cross site scripting. The attack can be initiated remotely. VDB-225922 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2044 |
CVE-2023-27666 | Auto Dealer Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the name parameter at /classes/SystemSettings.php?f=update_settings. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27666 |
CVE-2023-2055 | A vulnerability has been found in Campcodes Advanced Online Voting System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/config_save.php. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225940. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2055 |
CVE-2023-2057 | A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225942 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2057 |
CVE-2023-2058 | A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipulation of the argument web_ico leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225943. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2058 |
CVE-2022-46886 | There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-46886 |
CVE-2023-2076 | A vulnerability classified as problematic was found in Campcodes Online Traffic Offense Management System 1.0. This vulnerability affects unknown code of the file /classes/Users.phpp. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226054 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2076 |
CVE-2023-2077 | A vulnerability, which was classified as problematic, has been found in Campcodes Online Traffic Offense Management System 1.0. This issue affects some unknown processing of the file /admin/offenses/view_details.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226055. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2077 |
CVE-2023-27572 | An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability was discovered in the https_redirect.php web page via the page parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27572 |
CVE-2022-43696 | OX App Suite before 7.10.6-rev20 allows XSS via upsell ads. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-43696 |
CVE-2022-43697 | OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-43697 |
CVE-2023-2098 | A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /inc/topBarNav.php. The manipulation of the argument search leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-226106 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2098 |
CVE-2023-2099 | A vulnerability classified as problematic has been found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226107. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2099 |
CVE-2023-2100 | A vulnerability classified as problematic was found in SourceCodester Vehicle Service Management System 1.0. This vulnerability affects unknown code of the file /admin/report/index.php. The manipulation of the argument date_end leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226108. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2100 |
CVE-2015-10101 | A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.7 is able to address this issue. The name of the patch is 25bb1dea113716200a6f0f3135801d84a7a65540. It is recommended to upgrade the affected component. The identifier VDB-226117 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2015-10101 |
CVE-2022-37306 | OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-37306 |
CVE-2022-28353 | In the External Redirect Warning Plugin 1.3 for MyBB, the redirect URL (aka external.php?url=) is vulnerable to XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28353 |
CVE-2023-2109 | Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.14.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2109 |
CVE-2023-1282 | The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin before 5.0.6.4 do not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1282 |
CVE-2023-1373 | The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1373 |
CVE-2023-1413 | The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1413 |
CVE-2023-2119 | The Responsive Filterable Portfolio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2119 |
CVE-2023-2120 | The Thumbnail carousel slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2120 |
CVE-2023-27092 | Cross Site Scripting vulnerability found in Jbootfly allows attackers to obtain sensitive information via the username parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27092 |
CVE-2022-43376 | \n\n\nA CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site\nScripting') vulnerability exists that could cause code and session manipulation when malicious\ncode is inserted into the browser.\n\n Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0\n\n and prior) | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-43376 |
CVE-2023-21905 | Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Routing Hub). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Virtual Account Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21905 |
CVE-2023-21906 | Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: SMS Module). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Virtual Account Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21906 |
CVE-2023-21956 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21956 |
CVE-2023-21907 | Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H). | 6 | https://nvd.nist.gov/vuln/detail/CVE-2023-21907 |
CVE-2023-21908 | Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H). | 6 | https://nvd.nist.gov/vuln/detail/CVE-2023-21908 |
CVE-2023-21989 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | 6 | https://nvd.nist.gov/vuln/detail/CVE-2023-21989 |
CVE-2023-22002 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | 6 | https://nvd.nist.gov/vuln/detail/CVE-2023-22002 |
CVE-2014-4024 | SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer (SSL) accelerator cards, might allow remote attackers to have unspecified impact via a timing side-channel attack. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2014-4024 |
CVE-2021-36221 | Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-36221 |
CVE-2021-30343 | Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-30343 |
CVE-2021-35111 | Improper validation of tag id while RRC sending tag id to MAC can lead to TOCTOU race condition in Snapdragon Connectivity, Snapdragon Mobile | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-35111 |
CVE-2023-27537 | A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-27537 |
CVE-2022-33270 | Transient DOS due to time-of-check time-of-use race condition in Modem while processing RRC Reconfiguration message. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-33270 |
CVE-2023-1285 | Signal Handler Race Condition vulnerability in Mitsubishi Electric India GC-ENET-COM whose first 2 digits of 11-digit serial number of unit are "16" allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in Ethernet communication by sending a large number of specially crafted packets to any UDP port when GC-ENET-COM is configured as a Modbus TCP Server. The communication resumes only when the power of the main unit is turned off and on or when the GC-ENET-COM is hot-swapped from the main unit.\n | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-1285 |
CVE-2023-25597 | A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A successful exploit could allow access to sensitive information. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-25597 |
CVE-2019-14942 | An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-14942 |
CVE-2023-21924 | Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Health Sciences InForm, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Health Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Health Sciences InForm accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21924 |
CVE-2023-21954 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21954 |
CVE-2023-21967 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21967 |
CVE-2023-21952 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21952 |
CVE-2023-21965 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21965 |
CVE-2023-21970 | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Security). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21970 |
CVE-2023-21986 | Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Native Image). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 5.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L). | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21986 |
CVE-2023-26551 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-26551 |
CVE-2023-26552 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-26552 |
CVE-2023-26553 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-26553 |
CVE-2023-26554 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-26554 |
CVE-2023-21960 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-21960 |
CVE-2019-1734 | A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1734 |
CVE-2020-15945 | Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-15945 |
CVE-2021-42373 | A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42373 |
CVE-2021-42375 | An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42375 |
CVE-2021-42376 | A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \\x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42376 |
CVE-2021-30314 | Lack of validation for third party application accessing the service can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30314 |
CVE-2021-30331 | Possible buffer overflow due to improper data validation of external commands sent via DIAG interface in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30331 |
CVE-2021-30339 | Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30339 |
CVE-2021-35071 | Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35071 |
CVE-2021-35119 | Potential out of Bounds read in FIPS event processing due to improper validation of the length from the firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35119 |
CVE-2021-3800 | A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3800 |
CVE-2022-25653 | Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25653 |
CVE-2022-25664 | Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25664 |
CVE-2022-25676 | Information disclosure in video due to buffer over-read while parsing avi files in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25676 |
CVE-2022-25679 | Denial of service in video due to improper access control in broadcast receivers in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25679 |
CVE-2022-25725 | Denial of service in MODEM due to improper pointer handling | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25725 |
CVE-2022-33252 | Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33252 |
CVE-2022-33253 | Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33253 |
CVE-2022-40518 | Information disclosure due to buffer overread in Core | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40518 |
CVE-2022-40519 | Information disclosure due to buffer overread in Core | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40519 |
CVE-2022-33221 | Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification requests. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33221 |
CVE-2021-33367 | Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33367 |
CVE-2022-22075 | Information Disclosure in Graphics during GPU context switch. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22075 |
CVE-2023-27538 | An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27538 |
CVE-2022-43309 | Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43309 |
CVE-2020-24736 | Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-24736 |
CVE-2023-28263 | Visual Studio Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28263 |
CVE-2023-28298 | Windows Kernel Denial of Service Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28298 |
CVE-2023-28299 | Visual Studio Spoofing Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28299 |
CVE-2023-29576 | Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_TrunAtom::SetDataOffset(int) function in Ap4TrunAtom.h. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29576 |
CVE-2022-24350 | An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Specially formatted buffer contents used for software SMI could cause SMRAM corruption, leading to escalation of privilege. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24350 |
CVE-2023-29574 | Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29574 |
CVE-2023-29580 | yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29580 |
CVE-2023-27704 | Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27704 |
CVE-2023-29571 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29571 |
CVE-2023-29581 | yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function delete_Token at /nasm/nasm-pp.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29581 |
CVE-2023-26397 | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26397 |
CVE-2023-1906 | A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1906 |
CVE-2023-26385 | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26385 |
CVE-2023-26386 | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26386 |
CVE-2023-26387 | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26387 |
CVE-2023-26403 | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26403 |
CVE-2023-25954 | KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user's Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25954 |
CVE-2022-33297 | Information disclosure due to buffer overread in Linux sensors | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33297 |
CVE-2023-26263 | All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26263 |
CVE-2023-26264 | All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26264 |
CVE-2023-29573 | Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp4info component. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29573 |
CVE-2023-29569 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29569 |
CVE-2023-28085 | An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28085 |
CVE-2023-28091 | HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28091 |
CVE-2023-24934 | Microsoft Defender Security Feature Bypass Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24934 |
CVE-2023-21926 | Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Health Sciences InForm executes to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21926 |
CVE-2023-21929 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21929 |
CVE-2023-20909 | In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-243130512 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20909 |
CVE-2023-20935 | In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256589724 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20935 |
CVE-2023-21087 | In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261723753 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21087 |
CVE-2023-21091 | In canDisplayLocalUi of AppLocalePickerActivity.java, there is a possible way to change system app locales due to a missing permission check. This could lead to local denial of service across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257954050 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21091 |
CVE-2017-20113 | A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2017-20113 |
CVE-2017-20114 | A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2017-20114 |
CVE-2017-20115 | A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2017-20115 |
CVE-2017-20116 | A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2017-20116 |
CVE-2017-20117 | A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2017-20117 |
CVE-2017-20118 | A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2017-20118 |
CVE-2022-37462 | A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-37462 |
CVE-2023-26467 | A man in the middle can redirect traffic to a malicious server in a compromised configuration. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-26467 |
CVE-2023-26846 | A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-26846 |
CVE-2023-26847 | A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-26847 |
CVE-2023-26260 | OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-26260 |
CVE-2023-28309 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-28309 |
CVE-2022-47053 | An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-47053 |
CVE-2023-27775 | A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary code via a crafted payload. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-27775 |
CVE-2023-30520 | Jenkins Quay.io trigger Plugin 0.1 and earlier does not limit URL schemes for repository homepage URLs submitted via Quay.io trigger webhooks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Quay.io trigger webhook payloads. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-30520 |
CVE-2022-45358 | Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-45358 |
CVE-2023-2021 | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2021 |
CVE-2023-29847 | AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-29847 |
CVE-2022-48177 | X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-48177 |
CVE-2022-48178 | X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-48178 |
CVE-2023-2103 | Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2103 |
CVE-2023-2104 | Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2104 |
CVE-2018-17454 | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-17454 |
CVE-2018-17536 | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-17536 |
CVE-2018-17537 | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. . | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-17537 |
CVE-2022-43458 | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Code Tides Advanced Floating Content plugin <= 1.2.1 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-43458 |
CVE-2022-45849 | Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-45849 |
CVE-2022-44726 | The TouchDown Timesheet tracking component 4.1.4 for Jira allows XSS in the calendar view. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-44726 |
CVE-2023-0367 | The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0367 |
CVE-2023-0374 | The W4 Post List WordPress plugin before 2.4.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0374 |
CVE-2023-0764 | The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. The attacker must have at least the privileges of the Author role. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0764 |
CVE-2023-1325 | The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1325 |
CVE-2023-29774 | Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-29774 |
CVE-2023-21921 | Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Health Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Health Sciences InForm accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-21921 |
CVE-2023-21936 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-21936 |
CVE-2023-21973 | Vulnerability in the Oracle iProcurement product of Oracle E-Business Suite (component: E-Content Manager Catalog). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iProcurement. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iProcurement, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iProcurement accessible data as well as unauthorized read access to a subset of Oracle iProcurement accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-21973 |
CVE-2023-21992 | Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Administer Workforce). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-21992 |
CVE-2018-0395 | A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. A successful exploit could allow the attacker to cause the switch to reload unexpectedly. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-0395 |
CVE-2021-42374 | An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-42374 |
CVE-2021-44155 | An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-44155 |
CVE-2022-28365 | Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-28365 |
CVE-2022-2097 | AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-2097 |
CVE-2023-28486 | Sudo before 1.9.13 does not escape control characters in log messages. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28486 |
CVE-2023-28487 | Sudo before 1.9.13 does not escape control characters in sudoreplay output. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28487 |
CVE-2023-27464 | A vulnerability has been identified in Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.1), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.1), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.1.1). The affected versions of the module contain an observable response discrepancy issue that could allow an attacker to retrieve sensitive information. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-27464 |
CVE-2023-21729 | Remote Procedure Call Runtime Information Disclosure Vulnerability | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21729 |
CVE-2022-48437 | An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-48437 |
CVE-2023-30517 | Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30517 |
CVE-2023-30519 | A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30519 |
CVE-2023-30521 | A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30521 |
CVE-2023-29132 | Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29132 |
CVE-2023-26559 | A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. (XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build 2023021715 are also fixed versions.) | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26559 |
CVE-2023-2059 | A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/select_templets.php. The manipulation leads to path traversal: '..\\filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225944. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2059 |
CVE-2023-29529 | matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker will not appear to be participating in the call. This attack is possible because matrix-js-sdk's group call implementation accepts incoming direct calls from other users, even if they have not yet declared intent to participate in the group call, as a means of resolving a race condition in call setup. Affected versions do not restrict access to the user's outbound media in this case. Legacy 1:1 calls are unaffected. This is fixed in matrix-js-sdk 24.1.0. As a workaround, users may hold group calls in private rooms where only the exact users who are expected to participate in the call are present. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29529 |
CVE-2023-27571 | An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-27571 |
CVE-2018-17453 | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-17453 |
CVE-2023-21903 | Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Internal Tfr Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21903 |
CVE-2023-21904 | Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21904 |
CVE-2023-21916 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Web Server). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21916 |
CVE-2023-21925 | Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21925 |
CVE-2023-21939 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21939 |
CVE-2023-21942 | Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21942 |
CVE-2023-21943 | Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21943 |
CVE-2023-21944 | Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21944 |
CVE-2023-21971 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21971 |
CVE-2023-21722 | .NET Framework Denial of Service Vulnerability | 5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21722 |
CVE-2023-21090 | In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-259942609 | 5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21090 |
CVE-2023-28277 | Windows DNS Server Information Disclosure Vulnerability | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-28277 |
CVE-2023-23591 | The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. The fixed versions are 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-23591 |
CVE-2023-0005 | A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-0005 |
CVE-2023-22949 | An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That could allow a TigerGraph administrator to effectively harvest usernames/passwords. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22949 |
CVE-2023-1427 | - The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-1427 |
CVE-2023-21911 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21911 |
CVE-2023-21913 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21913 |
CVE-2023-21917 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21917 |
CVE-2023-21919 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21919 |
CVE-2023-21920 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21920 |
CVE-2023-21933 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21933 |
CVE-2023-21935 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21935 |
CVE-2023-21945 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21945 |
CVE-2023-21953 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21953 |
CVE-2023-21955 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21955 |
CVE-2023-21962 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21962 |
CVE-2023-21966 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21966 |
CVE-2023-21972 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21972 |
CVE-2023-21976 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21976 |
CVE-2023-21977 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21977 |
CVE-2023-21981 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21981 |
CVE-2023-21982 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21982 |
CVE-2021-44717 | Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44717 |
CVE-2023-1410 | Grafana is an open-source platform for monitoring and observability. \n\nGrafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. \n\nThe stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized.\n\nAn attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description. \n\n Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix. \n\n\n\n\n\n\n\n\n\n\n | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1410 |
CVE-2023-2014 | Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2014 |
CVE-2022-44625 | Auth. (admin+) Stored Cross-Site Scripting') vulnerability in Zephilou Cyklodev WP Notify plugin <= 1.2.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44625 |
CVE-2023-2102 | Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2102 |
CVE-2022-43480 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43480 |
CVE-2022-44734 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Car Rental by BestWebSoft plugin <= 1.1.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44734 |
CVE-2019-15292 | An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2019-15292 |
CVE-2023-1990 | A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-1990 |
CVE-2019-10224 | A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-10224 |
CVE-2023-21915 | Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Book/Internal Transfer). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-21915 |
CVE-2023-21998 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N). | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-21998 |
CVE-2023-22000 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N). | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-22000 |
CVE-2023-22001 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N). | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-22001 |
CVE-2019-1600 | A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5). | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-1600 |
CVE-2023-21940 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-21940 |
CVE-2023-21947 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-21947 |
CVE-2022-20625 | A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-20625 |
CVE-2022-27597 | A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-27597 |
CVE-2022-27598 | A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-27598 |
CVE-2023-26845 | A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26845 |
CVE-2023-1939 | No access control for the OTP key \n\n on OTP entries\n\n in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1939 |
CVE-2023-28284 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28284 |
CVE-2023-30518 | A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30518 |
CVE-2023-30522 | A missing permission check in Jenkins Fogbugz Plugin 2.2.17 and earlier allows attackers with Item/Read permission to trigger builds of jobs specified in a 'jobname' request parameter. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30522 |
CVE-2023-30523 | Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30523 |
CVE-2023-30524 | Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30524 |
CVE-2023-30527 | Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30527 |
CVE-2023-30529 | Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30529 |
CVE-2023-30530 | Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30530 |
CVE-2022-43698 | OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43698 |
CVE-2022-43699 | OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43699 |
CVE-2021-30153 | An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-30153 |
CVE-2018-17450 | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-17450 |
CVE-2023-21902 | Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Application). The supported version that is affected is 8.0.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Behavior Detection Platform accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21902 |
CVE-2023-21927 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Interoperability SEC). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21927 |
CVE-2023-21941 | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21941 |
CVE-2023-21959 | Vulnerability in the Oracle iReceivables product of Oracle E-Business Suite (component: Attachments). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iReceivables. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iReceivables accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21959 |
CVE-2023-21997 | Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle User Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21997 |
CVE-2023-21988 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). | 3.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21988 |
CVE-2020-9009 | The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-9009 |
CVE-2023-28301 | Microsoft Edge (Chromium-based) Tampering Vulnerability | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-28301 |
CVE-2023-21937 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21937 |
CVE-2023-21938 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21938 |
CVE-2023-21968 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21968 |
CVE-2023-21999 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N). | 3.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-21999 |
CVE-2020-3504 | A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-3504 |
CVE-2022-46781 | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-46781 |
CVE-2023-26083 | Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26083 |
CVE-2022-46396 | An issue was discovered in the Arm Mali Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-46396 |
CVE-2023-22808 | An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22808 |
CVE-2023-27703 | The Android version of pikpak v1.29.2 was discovered to contain an information leak via the debug interface. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-27703 |
CVE-2023-29383 | In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29383 |
CVE-2023-22003 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22003 |
CVE-2023-21991 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). | 3.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-21991 |
CVE-2023-29194 | Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. As a workaround, delete the offending keyspace using a CLI client (vtctldclient). | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-29194 |
CVE-2023-21963 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21963 |
CVE-2023-21928 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: IPS repository daemon). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 1.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N). | 1.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21928 |
CVE-2005-2136 | Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users. | – | https://nvd.nist.gov/vuln/detail/CVE-2005-2136 |
CVE-2014-3901 | Raritan Japan Dominion KX2-101 switches before 2 allow remote attackers to cause a denial of service (device hang) via a crafted packet. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-3901 |
CVE-2022-47501 | Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a \npre-authentication attack.\nThis issue affects Apache OFBiz: before 18.12.07.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47501 |
CVE-2021-43612 | In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-43612 |
CVE-2023-2017 | Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\\Core\\Framework\\Adapter\\Twig\\SecurityExtension` and call any arbitrary PHP function and thus execute arbitrary code/commands via usage of fully-qualified names, supplied as array of strings, when referencing callables. Users are advised to upgrade to v6.4.20.1 to resolve this issue. This is a bypass of CVE-2023-22731.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2017 |
CVE-2023-28141 | \nAn NTFS Junction condition exists in the Qualys Cloud Agent\nfor Windows platform in versions before 4.8.0.31. Attackers may write files to\narbitrary locations via a local attack vector. This allows attackers to assume\nthe privileges of the process, and they may delete or otherwise on unauthorized\nfiles, allowing for the potential modification or deletion of sensitive files\nlimited only to that specific directory/file object. This vulnerability is\nbounded to the time of installation/uninstallation and can only be exploited locally.\n\n\n\nAt the time of this disclosure, versions before 4.0 are\nclassified as End of Life.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28141 |
CVE-2023-28856 | Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28856 |
CVE-2023-28004 | \n\n\nA CWE-129: Improper validation of an array index vulnerability exists where a specially crafted\nEthernet request could result in denial of service or remote code execution. \n\n \n\n \n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28004 |
CVE-2023-29002 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29002 |
CVE-2023-29196 | Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker’s payload must pass the CSP to be executed. However, if an attacker succeeds in embedding Javascript that does pass the CSP, it could result in session hijacking for any users that view the attacker’s post. The vulnerability is patched in the latest tests-passed, beta and stable branches. Users are advised to upgrade. Users unable to upgrade should enable and/or restore your site's CSP to the default one provided with Discourse. Remove any embed-able hosts configured. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29196 |
CVE-2023-29410 | \nA CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated\nattacker to gain the same privilege as the application on the server when a malicious payload is\nprovided over HTTP for the server to execute. \n\n \n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29410 |
CVE-2023-30538 | Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed versions of Discourse. Users are advised to upgrade. For users unable to upgrade there are two possible workarounds: enable CDN handing of uploads (and ensure the CDN sanitizes SVG files) or disable SVG file uploads by ensuring that the `authorized extensions` site setting does not include `svg` (or reset that setting to the default, by default Discourse doesn't enable SVG uploads by users). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30538 |
CVE-2023-30606 | Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the `SiteSetting` class, notably `#clear_cache!` and `#notify_changed!`, which when done on a multisite instance, can affect the entire cluster resulting in a denial of service. Users not running in multisite environments are not affected. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30606 |
CVE-2023-30608 | sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30608 |
CVE-2021-28254 | A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-28254 |
CVE-2023-27043 | The e-mail module of Python 0 - 2.7.18, 3.x - 3.11 incorrectly parses e-mail addresses which contain a special character. This vulnerability allows attackers to send messages from e-ail addresses that would otherwise be rejected. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27043 |
CVE-2023-29510 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In XWiki, every user can add translations that are only applied to the current user. This also allows overriding existing translations. Such translations are often included in privileged contexts without any escaping which allows remote code execution for any user who has edit access on at least one document which could be the user's own profile where edit access is enabled by default. A mitigation for this vulnerability is part of XWiki 14.10.2 and XWiki 15.0 RC1: translations with user scope now require script right. This means that regular users cannot exploit this anymore as users don't have script right by default anymore starting with XWiki 14.10. There are no known workarounds apart from upgrading to a patched versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29510 |
CVE-2023-29512 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., it's own user page), can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the information loaded from attachments in `imported.vm`, `importinline.vm`, and `packagelist.vm`. This page is installed by default. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29512 |
CVE-2023-29513 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. If guest has view right on any document. It's possible to create a new user using the `distribution/firstadminuser.wiki` in the wrong context. This vulnerability has been patched in XWiki 15.0-rc-1 and 14.10.1. There is no known workaround other than upgrading. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29513 |
CVE-2023-29514 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on any document (e.g., their own user profile) can execute code with programming rights, leading to remote code execution. This vulnerability has been patched in XWiki 13.10.11, 14.4.8, 14.10.1 and 15.0 RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29514 |
CVE-2023-29515 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can be exploited by creating an app in App Within Minutes. If the button should be disabled because the user doesn't have global edit right, the app can also be created by directly opening `/xwiki/bin/view/AppWithinMinutes/CreateApplication?wizard=true` on the XWiki installation. This has been patched in XWiki 13.10.11, 14.4.8, 14.10.1 and 15.0 RC1 by not granting the space admin right if the user doesn't have script right on the space where the app is created. Error message are displayed to warn the user that the app will be broken in this case. Users who became space admin through this vulnerability won't loose the space admin right due to the fix, so it is advised to check if all users who created AWM apps should keep their space admin rights. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29515 |
CVE-2023-29516 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on `XWiki.AttachmentSelector` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping in the "Cancel and return to page" button. This page is installed by default. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. There are no known workarounds for this vulnerability.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29516 |
CVE-2023-29517 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The office document viewer macro was allowing anyone to see any file content from the hosting server, provided that the office server was connected and depending on the permissions of the user running the servlet engine (e.g. tomcat) running XWiki. The same vulnerability also allowed to perform internal requests to resources from the hosting server. The problem has been patched in XWiki 13.10.11, 14.10.1, 14.4.8, 15.0-rc-1. Users are advised to upgrade. It might be possible to workaround this vulnerability by running XWiki in a sandbox with a user with very low privileges on the machine.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29517 |
CVE-2023-29518 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of `Invitation.InvitationCommon`. This page is installed by default. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29518 |
CVE-2023-29519 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own dashboard. Note that the vulnerability does not impact comments of a wiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.8, 14.10.2, 15.0-rc-1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29519 |
CVE-2023-29520 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no workarounds other than fixing any way to create a document that fail to load. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29520 |
CVE-2023-29521 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of `Macro.VFSTreeMacro`. This page is not installed by default.This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.2, 14.4.8, 13.10.11. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29521 |
CVE-2023-29522 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. This issue has been patched in XWiki 14.4.8, 14.10.3 and 15.0RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29522 |
CVE-2023-29523 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The same vulnerability can also be exploited in other contexts where the `display` method on a document is used to display a field with wiki syntax, for example in applications created using `App Within Minutes`. This has been patched in XWiki 13.10.11, 14.4.8, 14.10.2 and 15.0RC1. There is no workaround apart from upgrading. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29523 |
CVE-2023-29524 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute anything with the right of the Scheduler Application sheet page. A user without script or programming rights, edit your user profile with the object editor and add a new object of type XWiki.SchedulerJobClass, In "Job Script", groovy code can be added and will be executed in the server context on viewing. This has been patched in XWiki 14.10.3 and 15.0 RC1. Users are advised to upgrade. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29524 |
CVE-2023-29525 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwiki are subject to code injection in the `since` parameter of the `/xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministration` endpoint. This provides an XWiki syntax injection attack via the since-parameter, allowing privilege escalation from view to programming rights and subsequent code execution privilege. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8 and 14.10.3. Users are advised to upgrade. Users unable to upgrade may modify the page `XWiki.Notifications.Code.LegacyNotificationAdministration` to add the missing escaping. For versions < 14.6-rc-1 a workaround is to modify the file `<xwikiwebapp>/templates/distribution/eventmigration.wiki` to add the missing escaping. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29525 |
CVE-2023-29526 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to display or interact with any page a user cannot access through the combination of the async and display macros. A comment with either macro will be executed when viewed providing a code injection vector in the context of the running server. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29526 |
CVE-2023-29527 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions a user without script or programming right may edit a user profile (or any other document) with the wiki editor and add groovy script content. Viewing the document after saving it will execute the groovy script in the server context which provides code execution. This vulnerability has been patched in XWiki 15.0-rc-1 and 14.10.3. Users are advised to upgrade. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29527 |
CVE-2023-30552 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `sql/instance.py` endpoint's `describe` method. In several cases, user input coming from the `tb_name` parameter value, the `db_name` parameter value or the `schema_name` value in the `sql/instance.py` `describe` endpoint is passed to the `describe_table` methods in given SQL engine implementations, which concatenate user input unsafely into a SQL query and afterwards pass it to the `query` method of each database engine for execution. Please take into account that in some cases all three parameter values are concatenated, in other only one or two of them. The affected methods are: `describe_table` in `sql/engines/clickhouse.py`which concatenates input which is passed to execution on the database in the `query` method in `sql/engines/clickhouse.py`, `describe_table` in `sql/engines/mssql.py` which concatenates input which is passed to execution on the database in the `query` methods in `sql/engines/mssql.py`, `describe_table` in `sql/engines/mysql.py`which concatenates input which is passed to execution on the database in the `query` method in `sql/engines/mysql.py`, `describe_table` in `sql/engines/oracle.py` which concatenates input which is passed to execution on the database in the `query` methods in `sql/engines/oracle.py`, `describe_table` in `sql/engines/pgsql.py`which concatenates input which is passed to execution on the database in the `query` methods in `sql/engines/pgsql.py`, `describe_table` in `sql/engines/phoenix.py` which concatenates input which is passed to execution on the database in the `query` method in `sql/engines/phoenix.py`. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-101`.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30552 |
CVE-2023-30553 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the `sql_api/api_workflow.py` endpoint `ExecuteCheck`. User input coming from the `db_name` parameter value and the `full_sql` parameter value in the `api_workflow.py` `ExecuteCheck` endpoint is passed to the methods that follow in given SQL engine implementations, which concatenate user input unsafely into a SQL query and afterwards pass it to the `query` method of each database engine for execution. The affected methods are `execute_check` in `sql/engines/clickhouse.py` which concatenates input which is passed to execution on the database in the `sql/engines/clickhouse.py` `query` method, `execute_check` in `sql/engines/goinception.py`which concatenates input which is passed to execution on the database in the `sql/engines/goinception.py` `query` method, `execute_check` in `sql/engines/oracle.py`which passes unsafe user input into the `object_name_check` method in `sql/engines/oracle.py` which in turn is passed to execution on the database in the `sql/engines/oracle.py` `query` method. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-102`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30553 |
CVE-2023-30554 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `sql_api/api_workflow.py` endpoint `ExecuteCheck` which passes unfiltered input to the `explain_check` method in `sql/engines/oracle.py`. User input coming from the `db_name` parameter value in the `api_workflow.py` `ExecuteCheck` endpoint is passed through the `oracle.py` `execute_check` method and to the `explain_check` method for execution. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-103`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30554 |
CVE-2023-30555 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases.Affected versions are subject to SQL injection in the `explain` method in `sql_optimize.py`. User input coming from the `db_name` parameter value in the `explain` endpoint is passed to the following `query` methods of each database engine for execution. `query` in `sql/engines/mssql.py`, and `query` in `sql/engines/oracle.py`. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-108`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30555 |
CVE-2023-30556 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `optimize_sqltuningadvisor` method of `sql_optimize.py`. User input coming from the `db_name` parameter value in `sql_optimize.py` is passed to the `sqltuningadvisor` method in `oracle.py`for execution. To mitigate escape the variables accepted via user input when used in `sql_optimize.py`. Users may also use prepared statements when dealing with SQL as a mitigation for this issue. This issue is also indexed as `GHSL-2022-107`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30556 |
CVE-2023-30557 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `data_dictionary.py` `table_info`. User input coming from the `db_name` in and the `tb_name` parameter values in the `sql/data_dictionary.py` `table_info` endpoint is passed to the following methods in the given SQL engine implementations, which concatenate user input unsafely into a SQL query and afterwards pass it to the `query` method of each database engine for execution.The methods are `get_table_meta_data ` in `sql/engines/mssql.py` which passes unsafe user input to the `sql/engines/mssql.py` `query` method, `get_table_desc_data` in `sql/engines/mssql.py`which passes unsafe user input to the `sql/engines/mssql.py` `query`, `get_table_index_data` in `sql/engines/mssql.py`which passes unsafe user input to the `sql/engines/mssql.py` `query` method, `get_table_meta_data` in `sql/engines/oracle.py`which concatenates input which is passed to execution on the database in the `sql/engines/oracle.py` `query` method, `get_table_desc_data` in `sql/engines/oracle.py`which concatenates input which is passed to execution on the database in the `sql/engines/oracle.py` `query` method, and `get_table_index_data` in `sql/engines/oracle.py` which concatenates input which is passed to execution on the database in the `sql/engines/oracle.py` `query` method. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-106`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30557 |
CVE-2023-30558 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the `db_name` in the `sql/data_dictionary.py` `table_list` endpoint is passed to the methods that follow in a given SQL engine implementations, which concatenate user input unsafely into a SQL query and afterwards pass it to the `query` method of each database engine for execution. The affected methods are `get_group_tables_by_db` in `sql/engines/mssql.py`which passes unsafe user input to `sql/engines/mssql.py`, and `get_group_tables_by_db` in `sql/engines/oracle.py`which concatenates input which is passed to execution on the database in the `sql/engines/oracle.py` `query` method. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-105`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30558 |
CVE-2023-30605 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the `variable_name` and `variable_value` parameter value in the `sql/instance.py` `param_edit` endpoint is passed to a set of methods in given SQL engine implementations, which concatenate user input unsafely into a SQL query and afterwards pass it to the `query` method of each database engine for execution. The affected methods are: `set_variable` in `sql/engines/goinception.py` which concatenates input which is passed to execution on the database in the `sql/engines/goinception.py`, `get_variables` in `sql/engines/goinception.py` which concatenates input which is passed to execution on the database in the `sql/engines/goinception.py`, `set_variable` in `sql/engines/mysql.py` which concatenates input which is passed to execution on the database in the `sql/engines/mysql.py` `query`, and `get_variables` in `sql/engines/mysql.py`which concatenates input which is passed to execution on the database in the `sql/engines/mysql.py` `query`. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This advisory is also indexed as `GHSL-2022-104`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30605 |
CVE-2023-2133 | Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2133 |
CVE-2023-2134 | Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2134 |
CVE-2023-2135 | Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2135 |
CVE-2023-2136 | Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2136 |
CVE-2023-2137 | Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2137 |
CVE-2022-2507 | In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2507 |
CVE-2023-25619 | \nA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that\ncould cause denial of service of the controller when communicating over the Modbus TCP\nprotocol. \n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25619 |
CVE-2023-25620 | \n\n\nA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that\ncould cause denial of service of the controller when a malicious project file is loaded onto the\ncontroller by an authenticated user. \n\n \n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25620 |
CVE-2023-2168 | The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Suggest Terms Title field in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2168 |
CVE-2023-2169 | The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2169 |
CVE-2023-2170 | The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2170 |
CVE-2022-38125 | Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-38125 |
CVE-2022-4308 | Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4308 |
CVE-2023-0317 | Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0317 |
CVE-2023-22645 | An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller This issue affects: SUSE kubewarden kubewarden-controller versions prior to 1.6.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22645 |
CVE-2023-25759 | OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25759 |
CVE-2023-25760 | Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25760 |
CVE-2023-26599 | XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26599 |
CVE-2023-27776 | A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27776 |
CVE-2023-29921 | PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29921 |
CVE-2023-30463 | Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow in pico_ipv6_alloc when processing large ICMPv6 packets. This affects installations with Ethernet support in which a packet size greater than 65495 may occur. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30463 |
CVE-2023-27777 | Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27777 |
CVE-2023-29923 | PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29923 |
CVE-2023-29586 | Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29586 |
CVE-2023-22621 | Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses the validation checks that should prevent code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22621 |
CVE-2023-22893 | Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that use AWS Cognito for authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22893 |
CVE-2023-22894 | Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then this can be exploited to discover the password hash and password reset token of all users. If the attacker has admin panel access to an account with permission to access the username and email of API users with a lower privileged role (e.g., Editor or Author), then this can be exploited to discover sensitive information for all API users but not other admin accounts. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22894 |
CVE-2021-43819 | Stargate-Bukkit is a mod for the minecraft video game which adds a portal focused environment. In affected versions Minecarts with chests will drop their items when teleporting through a portal; when they reappear, they will still have their items impacting the integrity of the game world. The teleport code has since been rewritten and is available in release `0.11.5.1`. Users are advised to upgrade. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-43819 |
CVE-2023-30610 | aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The `aws_sigv4::SigningParams` struct had a derived `Debug` implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is enabled for an SDK, `SigningParams` is printed, thereby revealing those credentials to anyone with access to logs. All users of the AWS SDK for Rust who enabled TRACE-level logging, either globally (e.g. `RUST_LOG=trace`), or for the `aws-sigv4` crate specifically are affected. This issue has been addressed in a set of new releases. Users are advised to upgrade. Users unable to upgrade should disable TRACE-level logging for AWS Rust SDK crates.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30610 |
CVE-2023-30611 | Discourse-reactions is a plugin that allows user to add their reactions to the post in the Discourse messaging platform. In affected versions data about what reactions were performed on a post in a private topic could be leaked. This issue has been addressed in version 0.3. Users are advised to upgrade. Users unable to upgrade should disable the discourse-reactions plugin to fully mitigate the issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30611 |
CVE-2023-30612 | Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily crashed, causing Deny-of-Service (DoS). This can also be a potential Use-After-Free (UAF) vulnerability. Users require to have the write access to the API socket file to trigger this vulnerability. Impacted versions of Cloud Hypervisor include upstream main branch, v31.0, and v30.0. The vulnerability was initially detected by our `http_api_fuzzer` via oss-fuzz. This issue has been addressed in versions 30.1 and 31.1. Users unable to upgrade may mitigate this issue by ensuring the write access to the API socket file is granted to trusted users only. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30612 |
CVE-2023-30614 | Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions prior to 6.3.2 a payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If the targeted application contains a functionality to submit user-generated content (such as comments) the attacker could even distribute the URL using that functionality. This has been patched in version 6.3.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30614 |
CVE-2023-1585 | Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1585 |
CVE-2023-1586 | Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1586 |
CVE-2023-1587 | Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus version 22.11 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1587 |
CVE-2023-1900 | A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. This could corrupt the data on the heap and lead to a denial-of-service situation. \nIssue was fixed with Endpointprotection.exe version 1.0.2303.633 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1900 |
CVE-2023-29922 | PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29922 |
CVE-2021-0872 | In PVRSRVBridgeRGXKickVRDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270401229 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-0872 |
CVE-2021-0873 | In PVRSRVBridgeRGXKickRS of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270392711 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-0873 |
CVE-2021-0874 | In PVRSRVBridgeDevicememHistorySparseChange of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270399633 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-0874 |
CVE-2021-0875 | In PVRSRVBridgeChangeSparseMem of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270400061 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-0875 |
CVE-2021-0876 | In PVRSRVBridgePhysmemNewRamBackedLockedPMR of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270400229 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-0876 |
CVE-2021-0878 | In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270399153 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-0878 |
CVE-2021-0879 | In PVRSRVBridgeRGXTDMSubmitTransfer of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270397970 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-0879 |
CVE-2021-0880 | In PVRSRVBridgeRGXKickTA3D of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270396792 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-0880 |
CVE-2021-0881 | In PVRSRVBridgeRGXKickCDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270396350 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-0881 |
CVE-2021-0882 | In PVRSRVBridgeRGXKickSync of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270395803 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-0882 |
CVE-2021-0883 | In PVRSRVBridgeCacheOpQueue of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270395013 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-0883 |
CVE-2021-0884 | In PVRSRVBridgePhysmemImportSparseDmaBuf of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270393454 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-0884 |
CVE-2021-0885 | In PVRSRVBridgeSyncPrimOpTake of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270401914 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-0885 |
CVE-2023-20862 | In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20862 |
CVE-2023-20941 | In acc_ctrlrequest_composite of f_accessory.c, there is a possible out of bounds write due to a missing bounds check. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-264029575References: Upstream kernel | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20941 |
CVE-2023-20950 | In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-195756028 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20950 |
CVE-2023-20967 | In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-225879503 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20967 |
CVE-2023-21080 | In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-245916076 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21080 |
CVE-2023-21081 | In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-230492955 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21081 |
CVE-2023-21082 | In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to enumerate other user's contact phone number due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-257030107 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21082 |
CVE-2023-21083 | In onNullBinding of CallScreeningServiceHelper.java, there is a possible way to record audio without showing a privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252762941 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21083 |
CVE-2023-21084 | In buildPropFile of filesystem.go, there is a possible insecure hash due to an improperly used crypto. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262892300 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21084 |
CVE-2023-21092 | In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242040055 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21092 |
CVE-2023-21093 | In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-228450832 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21093 |
CVE-2023-21094 | In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-248031255 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21094 |
CVE-2023-21097 | In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261858325 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21097 |
CVE-2023-21100 | In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-242544249 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21100 |
CVE-2023-28122 | A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM.This vulnerability is fixed in Version 0.62.3 and later. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28122 |
CVE-2023-28123 | A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28123 |
CVE-2023-28124 | Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This vulnerability is fixed in Version 0.62.3 and later. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28124 |
CVE-2023-2162 | A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2162 |
CVE-2023-30797 | \n\nNetflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30797 |
CVE-2021-33972 | Buffer Overflow vulnerability in Qihoo 360 Safe Browser v13.0.2170.0 allows attacker to escalate priveleges. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33972 |
CVE-2021-33973 | Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v12.1.0.1005, v13.1.0.1001 allows attacker to escalate priveleges. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33973 |
CVE-2021-33974 | Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Chrome (https://browser.360.cn/ee/) is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: This is a set of vulnerabilities affecting popular software, and the installation packages correspond to versions "360 Safeguard(12.1.0.1004,12.1.0.1005,13.1.0.1001)" , "360 Total Security(10.8.0.1060,10.8.0.1213)", "360 Safe Browser & 360 Chrome(12. The attack vector is: On the browser vulnerability, just open a link to complete the vulnerability exploitation remotely; on the client software, you need to locally execute the vulnerability exploitation program, which of course can be achieved with the full chain of browser vulnerability. ¶¶ This is a set of the most serious vulnerabilities that exist on Qihoo 360's PC client multiple popular software, remote vulnerabilities can be accomplished by opening a link to arbitrary code execution on both security browsers, in conjunction with the exploitation of local vulnerabilities that allow spyware to persist without being scanned to permanently reside on the target PC computer (because local vulnerabilities target Qihoo 360 company's antivirus software kernel flaws); this set of remote and local vulnerabilities in perfect coordination, to achieve an information security fallacy, on Qihoo 360's antivirus software vulnerability, not only can not be scanned out of the virus, but will help the virus persistently control the target computer, while Qihoo 360 claims to be a secure browser, which exists in the kernel vulnerability but help the composition of the remote vulnerability.(Security expert "Memory Corruptor" have reported this set of vulnerabilities to the corresponding vendor, all vulnerabilities have been fixed and the vendor rewarded thousands of dollars to this security expert) | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33974 |
CVE-2021-33975 | Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 allows attacker to escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33975 |
CVE-2021-33970 | Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33970 |
CVE-2021-33971 | Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Total Security (http://www.360totalsecurity.com/) is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: This is a set of vulnerabilities affecting popular software, "360 Safeguard(12.1.0.1004,12.1.0.1005,13.1.0.1001)" , "360 Total Security(10.8.0.1060,10.8.0.1213)", "360 Safe Browser & 360 Chrome(13.0.2170.0)". The attack vector is: On the browser vulnerability, just open a link to complete the vulnerability exploitation remotely; on the client software, you need to locally execute the vulnerability exploitation program, which of course can be achieved with the full chain of browser vulnerability. ¶¶ This is a set of the most serious vulnerabilities that exist on Qihoo 360's PC client a variety of popular software, remote vulnerabilities can be completed by opening a link to arbitrary code execution on both security browsers, with the use of local vulnerabilities, not only help the vulnerability code constitutes an escalation of privileges, er can make the spyware persistent without being scanned permanently resides on the target PC computer (because local vulnerability against Qihoo 360 company's antivirus kernel flaws); this group of remote and local vulnerability of the perfect match, to achieve an information security fallacy, in Qihoo 360's antivirus vulnerability, not only can not be scanned out of the virus, but will help the virus persistently control the target computer, while Qihoo 360 claims to be a safe browser, which exists in the kernel vulnerability but helped the composition of the remote vulnerability. (Security expert "Memory Corruptor" have reported this set of vulnerabilities to the corresponding vendor, all vulnerabilities have been fixed and the vendor rewarded thousands of dollars to the security experts) | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33971 |
CVE-2021-3429 | When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-3429 |
CVE-2022-2084 | Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2084 |
CVE-2023-1382 | A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1382 |
CVE-2023-23451 | The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration. Gateways with a serial number >2311xxxx have the Telnet interface disabled by factory default. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23451 |
CVE-2023-28327 | A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28327 |
CVE-2023-28328 | A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28328 |
CVE-2023-2166 | A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2166 |
CVE-2023-2191 | Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azuracast prior to 0.18. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2191 |
CVE-2014-125099 | A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the file dot-irecommendthis.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 3.7.3 is able to address this issue. The name of the patch is 058b3ef5c7577bf557557904a53ecc8599b13649. It is recommended to upgrade the affected component. The identifier VDB-226309 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-125099 |
CVE-2022-4942 | A vulnerability was found in mportuga eslint-detailed-reporter up to 0.9.0 and classified as problematic. Affected by this issue is the function renderIssue in the library lib/template-generator.js. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The name of the patch is 505c190efd4905990db6207863bdcbd9b1d7e1bd. It is recommended to apply a patch to fix this issue. VDB-226310 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4942 |
CVE-2023-28047 | \nDell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28047 |
CVE-2023-0383 | \nUser-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1\n\n due to uncontrolled memory consumption.\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0383 |
CVE-2023-0384 | \nUser-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1\n\n due to uncontrolled memory consumption for a scheduled job.\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0384 |
CVE-2023-2112 | Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2112 |
CVE-2023-2193 | Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2193 |
CVE-2023-1767 | The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display the contents of a scanned package's Readme on its package health page. An attacker could create a package in NPM with an associated markdown README file containing XSS-able HTML tags. Upon Snyk Advisor importing the package, the XSS would run each time an end user browsed to the package's page on Snyk Advisor. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1767 |
CVE-2021-38363 | An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in memory) forever. Deletion is possible neither by a user nor by the intermittent Intent Cleanup process. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-38363 |
CVE-2021-38364 | An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently modify or delete the existing flow rules related to other intents. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-38364 |
CVE-2022-24035 | An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In combination with other applications, it could lead to a failure of network management. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-24035 |
CVE-2022-24109 | An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, and then remove the duplicate one. This will remove the flow rules of the intent, even though the intent still exists in the controller. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-24109 |
CVE-2022-29604 | An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the network. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29604 |
CVE-2022-29605 | An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of an intent into an OpenFlow 1.0 switch that does not support IPv6. Improper handling of the difference in capabilities of the intent and switch is misleading to a network operator. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29605 |
CVE-2022-29606 | An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent and flow rules in the network. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29606 |
CVE-2022-29607 | An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without any flow rule. Improper handling of such an intent is misleading to a network operator. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29607 |
CVE-2022-29608 | An issue was discovered in ONOS 2.5.1. An intent with a port that is an intermediate point of its path installs an invalid flow rule, causing a network loop. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29608 |
CVE-2022-29609 | An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing. Improper handling of such an intent is misleading to a network operator. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29609 |
CVE-2022-29944 | An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of paths installed by intents. An existing intents does not redirect to a new path, even if a new intent that shares the path with higher priority is installed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29944 |
CVE-2022-46302 | Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46302 |
CVE-2023-22309 | Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22309 |
CVE-2023-27652 | An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges cause a denial of service via the update_info field of the _default_.xml file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27652 |
CVE-2023-29926 | PowerJob V4.3.2 has unauthorized interface that causes remote code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29926 |
CVE-2022-36788 | A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially-crafted STL file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-36788 |
CVE-2023-25601 | On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. If you are using the python gateway, please upgrade to version 3.1.2 or above.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25601 |
CVE-2023-27350 | This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27350 |
CVE-2023-27351 | This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27351 |
CVE-2023-1255 | Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM\nplatform contains a bug that could cause it to read past the input buffer,\nleading to a crash.\n\nImpact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM\nplatform can crash in rare circumstances. The AES-XTS algorithm is usually\nused for disk encryption.\n\nThe AES-XTS cipher decryption implementation for 64 bit ARM platform will read\npast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16\nbyte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext\nbuffer is unmapped, this will trigger a crash which results in a denial of\nservice.\n\nIf an attacker can control the size and location of the ciphertext buffer\nbeing decrypted by an application using AES-XTS on 64 bit ARM, the\napplication is affected. This is fairly unlikely making this issue\na Low severity one. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1255 |
CVE-2023-23938 | Tuleap is a Free & Source tool for end to end traceability of application and system developments. Affected versions are subject to a cross site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker administration. Administrative privilege is required, but an attacker with tracker administration rights could use this vulnerability to force a victim to execute uncontrolled code in the context of their browser. This issue has been addressed in Tuleap Community Edition version 14.5.99.4. Users are advised to upgrade. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23938 |
CVE-2023-27495 | @fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions. @fastify/csrf-protection supports an optional userInfo parameter that binds the CSRF token to the user. This parameter has been introduced to prevent cookie-tossing attacks as a fix for CVE-2021-29624. Whenever userInfo parameter is missing, or its value can be predicted for the target user account, network and same-site attackers can 1. fixate a _csrf cookie in the victim's browser, and 2. forge CSRF tokens that are valid for the victim's session. This allows attackers to bypass the CSRF protection mechanism. As a fix, @fastify/csrf-protection starting from version 6.3.0 (and v4.1.0) includes a server-defined secret hmacKey that cryptographically binds the CSRF token to the value of the _csrf cookie and the userInfo parameter, making tokens non-spoofable by attackers. This protection is effective as long as the userInfo parameter is unique for each user. This is patched in versions 6.3.0 and v4.1.0. Users are advised to upgrade. Users unable to upgrade may use a random, non-predictable userInfo parameter for each user as a mitigation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27495 |
CVE-2023-29528 | XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid HTML comments. As a consequence, any code relying on this "restricted" mode for security is vulnerable to JavaScript injection ("cross-site scripting"/XSS). When a privileged user with programming rights visits such a comment in XWiki, the malicious JavaScript code is executed in the context of the user session. This allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. This problem has been patched in XWiki 14.10, HTML comments are now removed in restricted mode and a check has been introduced that ensures that comments don't start with `>`. There are no known workarounds apart from upgrading to a version including the fix.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29528 |
CVE-2023-30616 | Form block is a wordpress plugin designed to make form creation easier. Versions prior to 1.0.2 are subject to a Cross-Site Request Forgery due to a missing nonce check. There is potential for a Cross Site Request Forgery for all form blocks, since it allows to send requests to the forms from any website without a user noticing. Users are advised to upgrade to version 1.0.2. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30616 |
CVE-2023-22295 | Datakit CrossCadWare_x64.dll contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22295 |
CVE-2023-22321 | \n\n\nDatakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information. \n\n \n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22321 |
CVE-2023-22354 | \n\n\n\n\nDatakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information. \n\n \n\n \n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22354 |
CVE-2023-22846 | \n\n\n\n\n\n\nDatakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information. \n\n \n\n \n\n \n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22846 |
CVE-2023-23579 | \n\n\n\n\n\n\n\n\nDatakit CrossCadWare_x64.dll contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This could allow an attacker to execute code in the context of the current process. \n\n \n\n \n\n \n\n \n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23579 |
CVE-2023-30076 | Sourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/print_judges.php?print_judges.php=&se_name=&sub_event_id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30076 |
CVE-2023-27090 | Cross Site Scripting vulnerability found in TeaCMS storage allows attacker to cause a leak of sensitive information via the article title parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27090 |
CVE-2021-36436 | An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-36436 |
CVE-2023-20864 | VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20864 |
CVE-2023-20865 | VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20865 |
CVE-2023-20873 | In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20873 |
CVE-2023-28458 | pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28458 |
CVE-2023-28459 | pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28459 |
CVE-2023-2131 | Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2131 |
CVE-2023-2176 | A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2176 |
CVE-2023-2177 | A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2177 |
CVE-2023-2194 | An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2194 |
CVE-2023-27352 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19845. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27352 |
CVE-2023-27353 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msprox endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19846. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27353 |
CVE-2023-27354 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before reading from memory. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19727. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27354 |
CVE-2023-27355 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPEG-TS parser. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19773. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27355 |
CVE-2023-2202 | Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2202 |
CVE-2023-1892 | Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1892 |
CVE-2023-2204 | A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file faqs.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226969 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2204 |
CVE-2023-2205 | A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-226970 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2205 |
CVE-2023-2206 | A vulnerability classified as critical has been found in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file contactus.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226971. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2206 |
CVE-2023-2207 | A vulnerability classified as critical was found in Campcodes Retro Basketball Shoes Online Store 1.0. This vulnerability affects unknown code of the file contactus1.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226972. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2207 |
CVE-2023-2208 | A vulnerability, which was classified as critical, has been found in Campcodes Retro Basketball Shoes Online Store 1.0. This issue affects some unknown processing of the file details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226973 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2208 |
CVE-2023-2209 | A vulnerability, which was classified as critical, was found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/sales/view_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226974 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2209 |
CVE-2023-2210 | A vulnerability has been found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/categories/view_category.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226975. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2210 |
CVE-2023-2211 | A vulnerability was found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226976. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2211 |
CVE-2023-2212 | A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226977 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2212 |
CVE-2023-2213 | A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/products/manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226978 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2213 |
CVE-2023-2214 | A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/sales/manage_sale.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226979. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2214 |
CVE-2023-2215 | A vulnerability classified as critical has been found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226980. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2215 |
CVE-2023-2216 | A vulnerability classified as problematic was found in Campcodes Coffee Shop POS System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument firstname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226981 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2216 |
CVE-2023-2217 | A vulnerability, which was classified as critical, was found in SourceCodester Task Reminder System 1.0. This affects an unknown part of the file /admin/reminders/manage_reminder.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226983. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2217 |
CVE-2023-2218 | A vulnerability has been found in SourceCodester Task Reminder System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226984. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2218 |
CVE-2023-2219 | A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as problematic. This issue affects some unknown processing of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226985 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2219 |
CVE-2021-33589 | Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33589 |
CVE-2023-26100 | In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the context of a Flowmon user's web browser. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26100 |
CVE-2023-26101 | In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user with access to Flowmon Packet Investigator could leverage a path-traversal vulnerability to retrieve files on the Flowmon appliance's local filesystem. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26101 |
CVE-2023-2220 | A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2220 |
CVE-2023-2226 | Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. \n\nFor this attack to succeed, the attacker needs to be able to introduce malicious files to the system at the same time that Velociraptor attempts to collect any artifacts that attempt to parse PE files, Authenticode signatures, or OLE files. After crashing, the Velociraptor service will restart and it will still be possible to collect other artifacts.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2226 |
CVE-2023-2227 | Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2227 |
CVE-2023-2228 | Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2228 |
CVE-2022-48150 | Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48150 |
CVE-2023-29575 | Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42aac component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29575 |
CVE-2023-1998 | The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line.\n\nThis happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1998 |
CVE-2023-26876 | SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26876 |
CVE-2023-29905 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29905 |
CVE-2023-29906 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29906 |
CVE-2023-29907 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29907 |
CVE-2023-29908 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetMobileAPInfoById interface at /goform/aspForm. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29908 |
CVE-2023-29909 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddWlanMacList interface at /goform/aspForm. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29909 |
CVE-2023-29910 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29910 |
CVE-2023-29911 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddMacList interface at /goform/aspForm. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29911 |
CVE-2023-29912 | H3C Magic R200 R200V100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29912 |
CVE-2023-29913 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29913 |
CVE-2023-29914 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29914 |
CVE-2023-29915 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29915 |
CVE-2023-29916 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29916 |
CVE-2023-29917 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via go parameter at /goform/aspForm. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29917 |
CVE-2023-2231 | A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227001 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2231 |
CVE-2023-2139 | \nA reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2139 |
CVE-2023-2140 | A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 \n\ncould allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2140 |
CVE-2023-2141 | An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2141 |
CVE-2023-30798 | There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30798 |
CVE-2022-47930 | An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47930 |
CVE-2023-26556 | io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26556 |
CVE-2023-26557 | io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26557 |
CVE-2022-36963 | The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-36963 |
CVE-2022-47505 | The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47505 |
CVE-2022-47509 | The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47509 |
CVE-2023-29924 | PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29924 |
CVE-2023-30618 | Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the `info` logging level during the `kitchen converge` action. Prior to v7.0.0, the output values were printed at the `debug` level to avoid writing sensitive values to the terminal by default. An attacker would need access to the local machine in order to gain access to these logs during an operation. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30618 |
CVE-2023-30620 | mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using `tarfile.extractall()` from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the vulnerability is called a TarSlip or a ZipSlip variant. An attacker may leverage this vulnerability to overwrite any local file which the server process has access to. There is no risk of file exposure with this vulnerability. This issue has been addressed in release `23.2.1.0 `. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30620 |
CVE-2023-30621 | Gipsy is a multi-purpose discord bot which aim to be as modular and user-friendly as possible. In versions prior to 1.3 users can run command on the host machine with sudoer permission. The `!ping` command when provided with an IP or hostname used to run a bash `ping <IP>` without verification that the IP or hostname was legitimate. This command was executed with root permissions and may lead to arbitrary command injection on the host server. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30621 |
CVE-2023-2118 | Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2118 |
CVE-2023-29019 | @fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using `@fastify/passport` in affected versions for user authentication, in combination with `@fastify/session` as the underlying session management mechanism, are vulnerable to session fixation attacks from network and same-site attackers. fastify applications rely on the `@fastify/passport` library for user authentication. The login and user validation are performed by the `authenticate` function. When executing this function, the `sessionId` is preserved between the pre-login and the authenticated session. Network and same-site attackers can hijack the victim's session by tossing a valid `sessionId` cookie in the victim's browser and waiting for the victim to log in on the website. As a solution, newer versions of `@fastify/passport` regenerate `sessionId` upon login, preventing the attacker-controlled pre-session cookie from being upgraded to an authenticated session. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29019 |
CVE-2023-29020 | @fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forger) protection enforced by the `@fastify/csrf-protection` library, when combined with `@fastify/passport` in affected versions, can be bypassed by network and same-site attackers. `fastify/csrf-protection` implements the synchronizer token pattern (using plugins `@fastify/session` and `@fastify/secure-session`) by storing a random value used for CSRF token generation in the `_csrf` attribute of a user's session. The `@fastify/passport` library does not clear the session object upon authentication, preserving the `_csrf` attribute between pre-login and authenticated sessions. Consequently, CSRF tokens generated before authentication are still valid. Network and same-site attackers can thus obtain a CSRF token for their pre-session, fixate that pre-session in the victim's browser via cookie tossing, and then perform a CSRF attack after the victim authenticates. As a solution, newer versions of `@fastify/passport` include the configuration options: `clearSessionOnLogin (default: true)` and `clearSessionIgnoreFields (default: ['passport', 'session'])` to clear all the session attributes by default, preserving those explicitly defined in `clearSessionIgnoreFields`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29020 |
CVE-2023-2240 | Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2240 |
CVE-2023-0184 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0184 |
CVE-2023-0190 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0190 |
CVE-2023-0199 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0199 |
CVE-2023-0200 | NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0200 |
CVE-2023-0201 | NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service, compromised integrity, and information disclosure. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0201 |
CVE-2023-0202 | NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0202 |
CVE-2023-0203 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0203 |
CVE-2023-0204 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0204 |
CVE-2023-0205 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0205 |
CVE-2023-0206 | NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0206 |
CVE-2023-0207 | NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0207 |
CVE-2023-0209 | NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0209 |
CVE-2023-25505 | NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25505 |
CVE-2023-25506 | NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25506 |
CVE-2023-25507 | NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25507 |
CVE-2023-25508 | NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25508 |
CVE-2023-25509 | NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25509 |
CVE-2023-25510 | NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25510 |
CVE-2023-25511 | NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in cuobjdump, where a division-by-zero error may enable a user to cause a crash, which may lead to a limited denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25511 |
CVE-2023-25512 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds memory read by running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25512 |
CVE-2023-25513 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25513 |
CVE-2023-25514 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25514 |
CVE-2023-2241 | A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2241 |
CVE-2023-2242 | A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component GET Parameter Handler. The manipulation of the argument c/s leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227227. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2242 |
CVE-2023-2239 | Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2239 |
CVE-2023-2243 | A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file users/registration.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227228. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2243 |
CVE-2023-2244 | A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects an unknown part of the file /admin/orders/update_status.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227229 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2244 |
CVE-2023-2245 | A vulnerability was found in hansunCMS 1.4.3. It has been declared as critical. This vulnerability affects unknown code of the file /ueditor/net/controller.ashx?action=catchimage. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227230 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2245 |
CVE-2022-4944 | A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.50 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227000. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4944 |
CVE-2023-1875 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1875 |
CVE-2022-44582 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apptivo Apptivo Business Site CRM plugin <= 3.0.12 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-44582 |
CVE-2022-44631 | Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in 1app Technologies, Inc 1app Business Forms plugin <= 1.0.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-44631 |
CVE-2022-44594 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Codebangers All in One Time Clock Lite plugin <= 1.3.320 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-44594 |
CVE-2022-44743 | Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.11.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-44743 |
CVE-2022-45361 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Boris Kuzmanov 0mk Shortener plugin <= 0.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45361 |
CVE-2022-47435 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Olive Design WP-OliveCart plugin <= 1.1.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47435 |
CVE-2023-22698 | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jason Bobich Theme Blvd Responsive Google Maps plugin <= 1.0.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22698 |
CVE-2023-22718 | Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User Meta Manager plugin <= 3.4.9 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22718 |
CVE-2023-24386 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24386 |
CVE-2023-24404 | Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin <= 2.0.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24404 |
CVE-2023-23717 | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in George Gecewicz Portfolio Slideshow plugin <= 1.13.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23717 |
CVE-2023-23806 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davinder Singh Custom Settings plugin <= 1.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23806 |
CVE-2023-23816 | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Twardes Sitemap Index plugin <= 1.2.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23816 |
CVE-2023-23817 | Auth. (contrinbutor+) Cross-Site Scripting (XSS) vulnerability in WebArea | Vera Nedvyzhenko Simple PDF Viewer plugin <= 1.9 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23817 |
CVE-2023-23827 | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Google Maps v3 Shortcode plugin <= 1.2.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23827 |
CVE-2023-23832 | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ultimate WP Query Search Filter plugin <= 1.0.10 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23832 |
CVE-2023-25451 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill CPO Content Types plugin <= 1.1.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25451 |
CVE-2023-27425 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in James Irving-Swift Electric Studio Client Login plugin <= 0.8.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27425 |
CVE-2023-27614 | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox Motor Racing League plugin <= 1.9.9 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27614 |
CVE-2022-45074 | Cross-Site Request Forgery (CSRF) vulnerability in Paramveer Singh for Arete IT Private Limited Activity Reactions For Buddypress plugin <= 1.0.22 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45074 |
CVE-2022-45080 | Cross-Site Request Forgery (CSRF) vulnerability in KrishaWeb Add Multiple Marker plugin <= 1.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45080 |
CVE-2023-22686 | Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice PayPal Button Lite plugin <= 1.3.5 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22686 |
CVE-2023-23879 | Cross-Site Request Forgery (CSRF) vulnerability in Nicolas Zeh PHP Execution plugin <= 1.0.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23879 |
CVE-2023-2246 | A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2246 |
CVE-2023-31043 | EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17, 13.9.13, and 14.6.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31043 |
CVE-2023-23753 | The 'Visforms Base Package for Joomla 3' extension is vulnerable to SQL Injection as concatenation is used to construct an SQL Query. An attacker can interact with the database and could be able to read, modify and delete data on it. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23753 |
CVE-2023-31056 | CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31056 |
CVE-2023-31059 | Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31059 |
CVE-2023-31060 | Repetier Server through 1.4.10 executes as SYSTEM. This can be leveraged in conjunction with CVE-2023-31059 for full compromise. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31060 |
CVE-2023-31061 | Repetier Server through 1.4.10 does not have CSRF protection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31061 |
CVE-2023-28131 | A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28131 |
CVE-2023-31081 | An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtv_mux_stop_thread. In vidtv_stop_streaming, after dvb->mux=NULL occurs, it executes vidtv_mux_stop_thread(dvb->mux). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31081 |
CVE-2023-31082 | An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31082 |
CVE-2023-31083 | An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31083 |
CVE-2023-31084 | An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31084 |
CVE-2023-31085 | An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31085 |
CVE-2023-30458 | A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of the supplied password. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30458 |
CVE-2023-30533 | SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30533 |
CVE-2023-22577 | Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22577 |
CVE-2023-22581 | White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22581 |
CVE-2023-25131 | Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the 'admin' password. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25131 |
CVE-2023-25132 | Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25132 |
CVE-2023-25133 | Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25133 |
CVE-2022-48476 | In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48476 |
CVE-2022-48477 | In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48477 |
CVE-2023-29578 | mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty() function at src/mp4property.cpp. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29578 |
CVE-2023-29579 | yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29579 |
CVE-2023-29582 | yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29582 |
CVE-2023-29583 | yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29583 |
CVE-2023-23892 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jamie Poitra M Chart plugin <= 1.9.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23892 |
CVE-2023-29570 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29570 |
CVE-2023-30368 | Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30368 |
CVE-2023-30369 | Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30369 |
CVE-2022-45084 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45084 |
CVE-2022-47158 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakpobox alfred24 Click & Collect plugin <= 1.1.7 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47158 |
CVE-2022-47598 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Plugins Pro WP Super Popup plugin <= 1.1.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47598 |
CVE-2023-24818 | RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception resulting in denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24818 |
CVE-2023-24819 | RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24819 |
CVE-2023-24820 | RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset. Thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patch manually. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24820 |
CVE-2023-29479 | Ribose RNP before 0.16.3 may hang when the input is malformed. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29479 |
CVE-2023-29480 | Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29480 |
CVE-2023-29848 | Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29848 |
CVE-2023-29849 | Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29849 |
CVE-2023-2251 | Uncaught Exception in GitHub repository eemeli/yaml prior to 2.2.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2251 |
CVE-2023-30370 | In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30370 |
CVE-2023-30371 | In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-based buffer overflow vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30371 |
CVE-2023-30372 | In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack-based buffer overflow vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30372 |
CVE-2023-30373 | In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30373 |
CVE-2023-30375 | In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-based buffer overflow vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30375 |
CVE-2023-30376 | In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30376 |
CVE-2023-30378 | In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-based buffer overflow vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30378 |
CVE-2023-24821 | RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset, thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24821 |
CVE-2023-24822 | RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. The NULL pointer dereference causes a hard fault exception, leading to denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patches manually. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24822 |
CVE-2023-24823 | RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header. This occurs while encoding a 6LoWPAN IPHC header. The type confusion manifests in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, apply the patches manually. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24823 |
CVE-2023-27524 | Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27524 |
CVE-2023-30622 | Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. An issue in clusternet prior to version 0.15.2 can be leveraged to lead to a cluster-level privilege escalation. The clusternet has a deployment called `cluster-hub` inside the `clusternet-system` Kubernetes namespace, which runs on worker nodes randomly. The deployment has a service account called `clusternet-hub`, which has a cluster role called `clusternet:hub` via cluster role binding. The `clusternet:hub` cluster role has `"*" verbs of "*.*"` resources. Thus, if a malicious user can access the worker node which runs the clusternet, they can leverage the service account to do malicious actions to critical system resources. For example, the malicious user can leverage the service account to get ALL secrets in the entire cluster, resulting in cluster-level privilege escalation. Version 0.15.2 contains a fix for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30622 |
CVE-2023-30776 | An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30776 |
CVE-2022-41612 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shareaholic Similar Posts plugin <= 3.1.6 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41612 |
CVE-2023-22913 | A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data, resulting in denial-of-service (DoS) conditions on an affected device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22913 |
CVE-2023-22914 | A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22914 |
CVE-2023-22915 | A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22915 |
CVE-2023-22916 | The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device if the attacker could trick an authorized administrator to switch the management mode to the cloud mode. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22916 |
CVE-2023-22917 | A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22917 |
CVE-2023-26060 | An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26060 |
CVE-2023-26061 | An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26061 |
CVE-2023-26494 | lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume they were redirected to the homepage on login. Version 3.24.1 contains a fix.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26494 |
CVE-2023-30544 | Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with their account without the ownership verification performed during account registration. Operators of Kiwi TCMS should upgrade to v12.2 or later to receive a patch. No known workarounds exist. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30544 |
CVE-2023-30613 | Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an `.exe` file or a file containing embedded JavaScript and trick others into clicking on these files, causing vulnerable browsers to execute malicious code on another computer.\n\nKiwi TCMS v12.2 comes with functionality that allows administrators to configure additional upload validator functions which give them more control over what file types are accepted for upload. By default `.exe` are denied. Other files containing the `--redacted--S, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an `.exe` file or a file containing embedded JavaScript and trick others into clicking on these files, causing vulnerable browsers to execute malicious code on another computer.\n\nKiwi TCMS v12.2 comes with functionality that allows administrators to configure additional upload validator functions which give them more control over what file types are accepted for upload. By default `.exe` are denied. Other files containing the `<script>` tag, regardless of their type are also denied b/c they are a path to XSS attacks. There are no known workarounds aside from upgrading | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30613 |
CVE-2012-10013 | A vulnerability was found in Kau-Boy Backend Localization Plugin up to 1.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the file backend_localization.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 43dc96defd7944da12ff116476a6890acd7dd24b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227231. | – | https://nvd.nist.gov/vuln/detail/CVE-2012-10013 |
CVE-2012-10014 | A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress. Affected is the function backend_localization_admin_settings/backend_localization_save_setting/backend_localization_login_form/localize_backend of the file backend_localization.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 36f457ee16dd114e510fd91a3ea9fbb3c1f87184. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227232. | – | https://nvd.nist.gov/vuln/detail/CVE-2012-10014 |
CVE-2023-22918 | A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22918 |
CVE-2023-26059 | An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26059 |
CVE-2023-26097 | An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26097 |
CVE-2023-26099 | An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consultation permission is insecure. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26099 |
CVE-2023-26865 | SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allowing a remote attacker to gain privileges via the BdroppyCronModuleFrontController::importProducts component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26865 |
CVE-2023-27848 | broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27848 |
CVE-2023-27849 | rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27849 |
CVE-2023-27990 | The XSS vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27990 |
CVE-2023-27991 | The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27991 |
CVE-2023-29566 | huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29566 |
CVE-2023-0276 | The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0276 |
CVE-2023-0388 | The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0388 |
CVE-2023-0418 | The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0418 |
CVE-2023-0420 | The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF, and is lacking sanitising as well as escaping in some parameters, allowing attackers to make a logged in admin put Stored Cross-Site Scripting payloads via CSRF | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0420 |
CVE-2023-0424 | The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0424 |
CVE-2023-0899 | The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0899 |
CVE-2023-1020 | The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1020 |
CVE-2023-1126 | The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1126 |
CVE-2023-1129 | The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1129 |
CVE-2023-1324 | The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1324 |
CVE-2023-1414 | The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update arbitrary tours | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1414 |
CVE-2023-1420 | The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1420 |
CVE-2023-1435 | The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1435 |
CVE-2023-1623 | The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1623 |
CVE-2023-1624 | The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1624 |
CVE-2023-29780 | Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29780 |
CVE-2023-2257 | Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub \nBusiness space without being prompted to enter the password via an \nunimplemented "Force Login" security feature.\n\nThis vulnerability occurs only if "Force Login" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2257 |
CVE-2023-29530 | Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value, can cause an invalid message. This can lead to denial of service vectors or application errors. The problem has been patched in following versions 2.18.1, 2.19.1, 2.20.1, 2.21.1, 2.22.1, 2.23.1, 2.24.1, and 2.25.1. As a workaround, validate HTTP header keys and/or values, and if using user-supplied values, filter them to strip off leading or trailing newline characters before calling `withHeader()`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29530 |
CVE-2022-28354 | In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28354 |
CVE-2023-28484 | In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28484 |
CVE-2023-29469 | An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29469 |
CVE-2023-2006 | A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2006 |
CVE-2023-2019 | A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2019 |
CVE-2023-2250 | A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2250 |
CVE-2023-2258 | Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2258 |
CVE-2023-2259 | Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2259 |
CVE-2023-2260 | Improper Authorization of Index Containing Sensitive Information in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2260 |
CVE-2023-30626 | Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the `ClientLogController`, specifically `/ClientLog/Document`. When combined with a cross-site scripting vulnerability (CVE-2023-30627), this can result in file write and arbitrary code execution. Version 10.8.10 has a patch for this issue. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30626 |
CVE-2023-30627 | jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the `REST` endpoints with admin privileges. When combined with CVE-2023-30626, this results in remote code execution on the Jellyfin instance in the context of the user who's running it. This issue is patched in version 10.8.10. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30627 |
CVE-2023-30406 | Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30406 |
CVE-2023-30408 | Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30408 |
CVE-2023-30410 | Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecma_op_function_construct at /operations/ecma-function-object.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30410 |
CVE-2023-30414 | Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30414 |
CVE-2023-30623 | `embano1/wip` is a GitHub Action written in Bash. Prior to version 2, the `embano1/wip` action uses the `github.event.pull_request.title` parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string interpolation. This vulnerability can be triggered by any user on GitHub. They just need to create a pull request with a commit message containing an exploit. (Note that first-time PR requests will not be run - but the attacker can submit a valid PR before submitting an invalid PR). The commit can be genuine, but the commit message can be malicious. This can be used to execute code on the GitHub runners and can be used to exfiltrate any secrets used in the CI pipeline, including repository tokens. Version 2 has a fix for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30623 |
CVE-2023-30628 | Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior,\nthe `changelog.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz";echo${IFS}"hello";#` can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. Commit 834c86dfd1b2492ccad7ebbfd6304bfec895fed2 of the kiwitcms/Kiwi repository and commit e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 of the kiwitcms/enterprise repository contain a fix for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30628 |
CVE-2023-30629 | Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30629 |
CVE-2023-2007 | The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2007 |
CVE-2023-28771 | Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28771 |
CVE-2023-22665 | There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22665 |
CVE-2022-45837 | Reflected Cross-Site Scripting (XSS) vulnerability in Denis ???????? plugin <= 6.0.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45837 |
CVE-2023-25479 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25479 |
CVE-2023-25490 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25490 |
CVE-2023-25710 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGITALBLUE Click to Call or Chat Buttons plugin <= 1.4.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25710 |
CVE-2023-26098 | An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26098 |
CVE-2023-27619 | Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes Regina Lite theme <= 2.0.7 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27619 |
CVE-2022-42335 | x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handling it is possible for a guest with a PCI device passed through to cause the hypervisor to access an arbitrary pointer partially under guest control. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-42335 |
CVE-2023-25346 | A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25346 |
CVE-2023-25347 | A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25347 |
CVE-2023-25348 | ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25348 |
CVE-2023-26057 | An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26057 |
CVE-2023-26058 | An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26058 |
CVE-2023-26839 | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26839 |
CVE-2023-26840 | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to set a person to a user and set that user to be an Administrator. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26840 |
CVE-2023-26841 | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26841 |
CVE-2023-26843 | A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26843 |
CVE-2023-30417 | A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30417 |
CVE-2023-29779 | Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious command, the device will keep reporting its status and finally drain its battery after receiving the 'Set_short_poll_interval' command. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29779 |
CVE-2023-2281 | When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2281 |
CVE-2023-27105 | A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanling MTouch OS v4.3 and Shanling M2X Portable Music Player with Shanling MTouch OS v3.3 allows attackers to arbitrarily read, delete, or modify any critical system files via directory traversal. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27105 |
CVE-2022-31244 | Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31244 |
CVE-2023-25313 | OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25313 |
CVE-2023-25314 | Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25314 |
CVE-2023-29552 | The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29552 |
CVE-2023-30402 | YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30402 |
CVE-2022-47608 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47608 |
CVE-2023-25484 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliver Schlöbe Simple Yearly Archive plugin <= 2.1.8 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25484 |
CVE-2023-28847 | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior to 24.0.11 and 25.0.0 prior to 25.0.5; as well as Nextcloud Server Enterprise 23.0.0 prior to 23.0.12.6, 24.0.0 prior to 24.0.11, and 25.0.0 prior to 25.0.5; an attacker is not restricted in verifying passwords of share links so they can just start brute forcing the password. Nextcloud Server 24.0.11 and 25.0.5 and Nextcloud Enterprise Server 23.0.12.6, 24.0.11, and 25.0.5 contain a fix for this issue. No known workarounds are available. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28847 |
CVE-2023-23837 | No exception handling vulnerability which revealed sensitive or excessive information to users. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23837 |
CVE-2023-23838 | Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23838 |
CVE-2023-29200 | Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao 4.9.40, 4.13.21 or 5.1.4 to receive a patch. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29200 |
CVE-2023-30177 | CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30177 |
CVE-2023-30545 | PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives the user access to critical information. A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30545 |
CVE-2021-23166 | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-23166 |
CVE-2021-23176 | Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting information via crafted RPC packets. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-23176 |
CVE-2021-23178 | Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-23178 |
CVE-2021-23186 | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-23186 |
CVE-2021-23203 | Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-23203 |
CVE-2021-26263 | Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26263 |
CVE-2021-26947 | Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via a crafted link. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26947 |
CVE-2021-44460 | Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system with the deactivated account and any permission it still holds, via crafted RPC requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-44460 |
CVE-2021-44461 | Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise 13.0 through 15.0, allows remote attackers who are able to control the contents of accounting journal entries to inject arbitrary web script in the browser of a victim. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-44461 |
CVE-2021-44465 | Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-44465 |
CVE-2021-44476 | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-44476 |
CVE-2021-44547 | A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalation. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-44547 |
CVE-2021-44775 | Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-44775 |
CVE-2021-45071 | Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-45071 |
CVE-2021-45111 | Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-45111 |
CVE-2022-23721 | PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-23721 |
CVE-2022-40482 | The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\\Auth\\SessionGuard class when a user is found to not exist. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-40482 |
CVE-2022-40722 | A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-40722 |
CVE-2022-40723 | The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-40723 |
CVE-2022-40724 | The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-40724 |
CVE-2022-40725 | PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-40725 |
CVE-2022-45291 | PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endpoints. A contributing factor is a hardcoded login password of support, which is not documented. (This is not the same as the documented setup password, which is 12345.) The issue was fixed in late 2022. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45291 |
CVE-2023-25485 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bernhard Kux JSON Content Importer plugin <= 1.3.15 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25485 |
CVE-2023-25793 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in George Pattihis Link Juice Keeper plugin <= 2.0.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25793 |
CVE-2023-28086 | An HPE OneView appliance dump may expose proxy credential settings | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28086 |
CVE-2023-28087 | An HPE OneView appliance dump may expose OneView user accounts | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28087 |
CVE-2023-28088 | An HPE OneView appliance dump may expose SAN switch administrative credentials | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28088 |
CVE-2023-28089 | An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28089 |
CVE-2023-28090 | An HPE OneView appliance dump may expose SNMPv3 read credentials | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28090 |
CVE-2023-2282 | Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2282 |
CVE-2023-30838 | PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup `@keyframes` methods. This XSS, which hijacks HTML attributes, can be triggered without any interaction by the visitor/administrator, which makes it as dangerous as a trivial XSS attack. Contrary to other attacks which target HTML attributes and are triggered without user interaction (such as onload / onerror which suffer from a very limited scope), this one can hijack every HTML element, which increases the danger due to a complete HTML elements scope. Versions 8.0.4 and 1.7.8.9 contain a fix for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30838 |
CVE-2023-30839 | PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30839 |
CVE-2023-23710 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23710 |
CVE-2023-23866 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Carlos Moreira Interactive Geo Maps plugin <= 1.5.8 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23866 |
CVE-2023-23889 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23889 |
CVE-2023-23995 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin <= 1.1.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23995 |
CVE-2023-24005 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin <= 2.5.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24005 |
CVE-2023-25461 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in namithjawahar Wp-Insert plugin <= 2.5.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25461 |
CVE-2023-25652 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25652 |
CVE-2023-25815 | In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\\mingw64\\share\\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\\` (and since `C:\\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1.\n\nThis vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\\`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25815 |
CVE-2023-28084 | HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28084 |
CVE-2023-20871 | VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20871 |
CVE-2023-20872 | VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20872 |
CVE-2023-23839 | The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23839 |
CVE-2023-24512 | On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24512 |
CVE-2023-29007 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29007 |
CVE-2023-29011 | Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\\etc\\connectrc`. Since `C:\\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `<drive>:\\etc\\connectrc` files on multi-user machines. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29011 |
CVE-2023-29012 | Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29012 |
CVE-2023-2269 | A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2269 |
CVE-2023-2293 | A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been classified as problematic. This affects an unknown part of the file classes/Master.php?f=save_item. The manipulation of the argument description with the input --redacted-- leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227463 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2293 |
CVE-2023-30549 | Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0, installations that include apptainer-suid < 1.1.8, and all versions of Singularity in their default configurations on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation.\n\nApptainer 1.1.8 includes a patch that by default disables mounting of extfs filesystem types in setuid-root mode, while continuing to allow mounting of extfs filesystems in non-setuid "rootless" mode using fuse2fs.\n\nSome workarounds are possible. Either do not install apptainer-suid (for versions 1.1.0 through 1.1.7) or set `allow setuid = no` in apptainer.conf (or singularity.conf for singularity versions). This requires having unprivileged user namespaces enabled and except for apptainer 1.1.x versions will disallow mounting of sif files, extfs files, and squashfs files in addition to other, less significant impacts. (Encrypted sif files are also not supported unprivileged in apptainer 1.1.x.). Alternatively, use the `limit containers` options in apptainer.conf/singularity.conf to limit sif files to trusted users, groups, and/or paths, and set `allow container extfs = no` to disallow mounting of extfs overlay files. The latter option by itself does not disallow mounting of extfs overlay partitions inside SIF files, so that's why the former options are also needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30549 |
CVE-2023-30609 | matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. No cross-site scripting attack is possible due to the hardcoded content security policy. Version 3.71.0 of the SDK patches over the issue. As a workaround, restarting the client will clear the HTML injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30609 |
CVE-2023-20869 | VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20869 |
CVE-2023-20870 | VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20870 |
CVE-2023-30842 | AVideo is an open-source video platform. Prior to version 12.4, AVideo is vulnerable to remote code execution when an attacker embeds a malicious video link. This issue is fixed in version 12.4. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30842 |
CVE-2023-0045 | The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.\n\nWe recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0045 |
CVE-2023-31223 | Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31223 |