Published on 03 May 2023 | Updated on 03 May 2023
SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.
The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:
Critical | vulnerabilities with a base score of 9.0 to 10.0 |
High | vulnerabilities with a base score of 7.0 to 8.9 |
Medium | vulnerabilities with a base score of 4.0 to 6.9 |
Low | vulnerabilities with a base score of 0.1 to 3.9 |
None | vulnerabilities with a base score of 0.0 |
For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2023-30547 | vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-30547 |
CVE-2021-33972 | Buffer Overflow vulnerability in Qihoo 360 Safe Browser v13.0.2170.0 allows attacker to escalate priveleges. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2021-33972 |
CVE-2021-33975 | Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 allows attacker to escalate privileges. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2021-33975 |
CVE-2021-33970 | Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2021-33970 |
CVE-2018-3863 | On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "user" value in order to exploit this vulnerability. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2018-3863 |
CVE-2018-3867 | An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2018-3867 |
CVE-2018-3874 | An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2018-3874 |
CVE-2023-22946 | In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This affects architectures relying on proxy-user, for example those using Apache Livy to manage submitted applications.\n\nUpdate to Apache Spark 3.4.0 or later, and ensure that \nspark.submit.proxyUser.allowCustomClasspathInClusterMode is set to its \ndefault of "false", and is not overridden by submitted applications.\n\n\n | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22946 |
CVE-2016-2141 | It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-2141 |
CVE-2016-5681 | Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-5681 |
CVE-2016-1558 | Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-1558 |
CVE-2015-7246 | D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-7246 |
CVE-2015-7247 | D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-7247 |
CVE-2017-9542 | D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-9542 |
CVE-2017-12943 | D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12943 |
CVE-2014-7857 | D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2014-7857 |
CVE-2014-7858 | The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2014-7858 |
CVE-2014-7859 | Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2014-7859 |
CVE-2016-10405 | Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-10405 |
CVE-2017-14417 | register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14417 |
CVE-2017-14421 | D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14421 |
CVE-2017-14429 | The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14429 |
CVE-2015-1187 | The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-1187 |
CVE-2017-15909 | D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-15909 |
CVE-2017-3191 | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-3191 |
CVE-2017-3192 | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-3192 |
CVE-2018-6530 | OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-6530 |
CVE-2018-9284 | authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-9284 |
CVE-2014-8888 | The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue." | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2014-8888 |
CVE-2015-0150 | The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-0150 |
CVE-2015-0152 | D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-0152 |
CVE-2018-10106 | D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10106 |
CVE-2018-11013 | Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-11013 |
CVE-2018-10968 | On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10968 |
CVE-2018-8898 | A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an administrator is logged into the web panel. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-8898 |
CVE-2018-6213 | In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-6213 |
CVE-2018-17063 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-17063 |
CVE-2018-17064 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-17064 |
CVE-2018-17065 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-17065 |
CVE-2018-17066 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-17066 |
CVE-2018-17067 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-17067 |
CVE-2018-17068 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-17068 |
CVE-2018-17786 | On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-17786 |
CVE-2018-17787 | On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-17787 |
CVE-2018-17881 | On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-17881 |
CVE-2018-17440 | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-17440 |
CVE-2018-14081 | An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-14081 |
CVE-2018-10824 | An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10824 |
CVE-2018-20056 | An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-20056 |
CVE-2018-20305 | D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-20305 |
CVE-2018-20389 | D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-20389 |
CVE-2019-7297 | An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-7297 |
CVE-2019-9123 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-9123 |
CVE-2019-9124 | An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in with a blank password. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-9124 |
CVE-2019-9125 | An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-9125 |
CVE-2018-19300 | On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-19300 |
CVE-2018-19986 | In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the $path_inf_wan1."/web" internal configuration memory without any regex checking. And in the IPTWAN_build_command function of the iptwan.php source code, the data in $path_inf_wan1."/web" is used with the iptables command without any regex checking. A vulnerable /HNAP1/SetRouterSettings XML message could have shell metacharacters in the RemotePort element such as the `telnetd` string. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-19986 |
CVE-2018-19987 | D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-19987 |
CVE-2018-19988 | In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. It needs to bypass the wget command option with a single quote. A vulnerable /HNAP1/SetClientInfoDemo XML message could have single quotes and backquotes in the AudioMute or AudioEnable element, such as the '`telnetd`' string. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-19988 |
CVE-2018-19989 | In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth internal configuration memory without any regex checking. And in the bwc_tc_spq_start, bwc_tc_wfq_start, and bwc_tc_adb_start functions of the bwcsvcs.php source code, the data in /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth is used with the tc command without any regex checking. A vulnerable /HNAP1/SetQoSSettings XML message could have shell metacharacters in the uplink element such as the `telnetd` string. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-19989 |
CVE-2018-19990 | In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vulnerable, and the vulnerability affects D-Link DIR-822 B1 202KRb06 devices. In the SetWiFiVerifyAlpha.php source code, the WPSPIN parameter is saved in the $rphyinf1."/media/wps/enrollee/pin" and $rphyinf2."/media/wps/enrollee/pin" and $rphyinf3."/media/wps/enrollee/pin" internal configuration memory without any regex checking. And in the do_wps function of the wps.php source code, the data in $rphyinf3."/media/wps/enrollee/pin" is used with the wpatalk command without any regex checking. A vulnerable /HNAP1/SetWiFiVerifyAlpha XML message could have shell metacharacters in the WPSPIN element such as the `telnetd` string. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-19990 |
CVE-2017-8408 | An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the GET parameters passed in this request (to test if SMB credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archive which contains the filesystem set up on the device that contains all the binaries. The binary "cgibox" is the one that has the vulnerable function "sub_7EAFC" that receives the values sent by the GET request. If we open this binary in IDA-pro we will notice that this follows a ARM little endian format. The function sub_7EAFC in IDA pro is identified to be receiving the values sent in the GET request and the value set in GET parameter "user" is extracted in function sub_7E49C which is then passed to the vulnerable system API call. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-8408 |
CVE-2013-4857 | D-Link DIR-865L has PHP File Inclusion in the router xml file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2013-4857 |
CVE-2019-18269 | \nOmron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability. \n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-18269 |
CVE-2013-7052 | D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2013-7052 |
CVE-2013-7055 | D-Link DIR-100 4.03B07 has PPTP and poe information disclosure | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2013-7055 |
CVE-2020-6841 | D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6841 |
CVE-2019-18666 | An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-18666 |
CVE-2020-15892 | An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length of 15 characters. The problem is that validation is being done on the client side, hence it can be bypassed. When an attacker manages to intercept the login request (POST based) and tampers with the vulnerable parameter (log_pass), to a larger length, the request will be forwarded to the webserver. This results in a stack-based buffer overflow. A few other POST variables, (transferred as part of the login request) are also vulnerable: html_response_page and log_user. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-15892 |
CVE-2020-15893 | An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-15893 |
CVE-2019-6258 | D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-6258 |
CVE-2020-29557 | An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-29557 |
CVE-2022-26258 | D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26258 |
CVE-2022-28346 | An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28346 |
CVE-2022-28347 | A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28347 |
CVE-2022-28005 | An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28005 |
CVE-2022-34265 | An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34265 |
CVE-2022-37434 | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37434 |
CVE-2021-42627 | The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42627 |
CVE-2022-45907 | In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45907 |
CVE-2022-4272 | A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4272 |
CVE-2022-46764 | A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46764 |
CVE-2023-24348 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetACLFilter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24348 |
CVE-2023-24349 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetRoute. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24349 |
CVE-2023-24350 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtp_email_subject parameter at /goform/formSetEmail. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24350 |
CVE-2023-24351 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24351 |
CVE-2023-24352 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24352 |
CVE-2022-47986 | \nIBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47986 |
CVE-2023-28531 | ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28531 |
CVE-2023-28631 | comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with `parse_document`. This AST can then be converted to HTML via `html::format_document_with_plugins`. However, the HTML formatting code assumes that the AST is well-formed. For example, many AST notes contain `[u8]` fields which the formatting code assumes is valid UTF-8 data. Several bugs can be triggered if this is not the case. Version 0.17.0 contains adjustments to the AST, storing strings instead of unvalidated byte arrays. Users are advised to upgrade. Users unable to upgrade may manually validate UTF-8 correctness of all data when assigning to `&[u8]` and `Vec<u8>` fields in the AST. This issue is also tracked as `GHSL-2023-049`. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28631 |
CVE-2022-36983 | This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetSettings class. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15919. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36983 |
CVE-2023-25076 | A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25076 |
CVE-2023-1671 | A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1671 |
CVE-2020-29007 | The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execute arbitrary Scheme or shell code by using crafted {{Image data to generate musical scores containing malicious code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-29007 |
CVE-2023-24831 | Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3.\n\nAttackers could login without authorization. This is fixed in 0.13.4. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24831 |
CVE-2023-30770 | A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30770 |
CVE-2023-30771 | Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database.\n\nThis problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30771 |
CVE-2023-27844 | SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and before allow a remote attacker to gain privileges via the Dispatcher::getController component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27844 |
CVE-2023-1873 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faturamatik Bircard allows SQL Injection.This issue affects Bircard: before 23.04.05.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1873 |
CVE-2023-29665 | D-Link DIR823G_V1.0.2B05 was discovered to contain a stack overflow via the NewPassword parameters in SetPasswdSettings. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29665 |
CVE-2023-2130 | A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2130 |
CVE-2023-30769 | Vulnerability discovered is related to the peer-to-peer (p2p) communications, attackers can craft consensus messages, send it to individual nodes and take them offline. An attacker can crawl the network peers using getaddr message and attack the unpatched nodes. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30769 |
CVE-2021-33797 | Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33797 |
CVE-2023-24501 | Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24501 |
CVE-2023-28962 | An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to upload arbitrary files to temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to 19.4R3-S11; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S6; 21.1 version 21.1R1 and later versions; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28962 |
CVE-2023-2138 | Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-module prior to 1.6.2. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2138 |
CVE-2021-40506 | An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated for the msb and mac instructions, which results in an incorrect value in the overflow flag. Any software that relies on this flag may experience corruption in execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40506 |
CVE-2021-40507 | An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated correctly for the subtract instruction, which results in an incorrect value in the overflow flag. Any software that relies on this flag may experience corruption in execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40507 |
CVE-2023-2146 | A vulnerability was found in Campcodes Online Thesis Archiving System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226267. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2146 |
CVE-2023-2147 | A vulnerability was found in Campcodes Online Thesis Archiving System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/students/view_details.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226268. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2147 |
CVE-2022-46640 | Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46640 |
CVE-2023-2151 | A vulnerability, which was classified as critical, was found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file manage_student.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226272. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2151 |
CVE-2023-2152 | A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226273 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2152 |
CVE-2023-2160 | Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2160 |
CVE-2023-25549 | \n\n\n\n\n\n\nA CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that\nallows for remote code execution when using a parameter of the DCE network settings\nendpoint. \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25549 |
CVE-2023-25550 | \n\n\n\n\n\n\n\n\nA CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that\nallows remote code execution via the “hostname” parameter when maliciously crafted hostname\nsyntax is entered.\n\n \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25550 |
CVE-2023-28839 | Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due to a lack of input sanitization. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28839 |
CVE-2023-29411 | \nA CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow\nchanges to administrative credentials, leading to potential remote code execution without\nrequiring prior authentication on the Java RMI interface. \n\n\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29411 |
CVE-2023-29412 | \n\n\nA CWE-78: Improper Handling of Case Sensitivity vulnerability exists that could cause remote\ncode execution when manipulating internal methods through Java RMI interface.\n\n \n\n\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29412 |
CVE-2023-28004 | \n\n\nA CWE-129: Improper validation of an array index vulnerability exists where a specially crafted\nEthernet request could result in denial of service or remote code execution. \n\n \n\n \n\n\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28004 |
CVE-2021-28254 | A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-28254 |
CVE-2023-20862 | In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20862 |
CVE-2014-125099 | A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the file dot-irecommendthis.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 3.7.3 is able to address this issue. The name of the patch is 058b3ef5c7577bf557557904a53ecc8599b13649. It is recommended to upgrade the affected component. The identifier VDB-226309 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2014-125099 |
CVE-2023-29926 | PowerJob V4.3.2 has unauthorized interface that causes remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29926 |
CVE-2023-27350 | This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27350 |
CVE-2023-30076 | Sourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/print_judges.php?print_judges.php=&se_name=&sub_event_id=. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30076 |
CVE-2023-20864 | VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20864 |
CVE-2023-20873 | In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20873 |
CVE-2023-2131 | Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2131 |
CVE-2023-2206 | A vulnerability classified as critical has been found in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file contactus.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226971. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2206 |
CVE-2023-2215 | A vulnerability classified as critical has been found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226980. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2215 |
CVE-2023-2217 | A vulnerability, which was classified as critical, was found in SourceCodester Task Reminder System 1.0. This affects an unknown part of the file /admin/reminders/manage_reminder.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226983. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2217 |
CVE-2023-2218 | A vulnerability has been found in SourceCodester Task Reminder System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226984. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2218 |
CVE-2023-29924 | PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29924 |
CVE-2023-30621 | Gipsy is a multi-purpose discord bot which aim to be as modular and user-friendly as possible. In versions prior to 1.3 users can run command on the host machine with sudoer permission. The `!ping` command when provided with an IP or hostname used to run a bash `ping <IP>` without verification that the IP or hostname was legitimate. This command was executed with root permissions and may lead to arbitrary command injection on the host server. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30621 |
CVE-2023-2244 | A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects an unknown part of the file /admin/orders/update_status.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227229 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2244 |
CVE-2023-2245 | A vulnerability was found in hansunCMS 1.4.3. It has been declared as critical. This vulnerability affects unknown code of the file /ueditor/net/controller.ashx?action=catchimage. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227230 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2245 |
CVE-2023-2246 | A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2246 |
CVE-2023-23753 | The 'Visforms Base Package for Joomla 3' extension is vulnerable to SQL Injection as concatenation is used to construct an SQL Query. An attacker can interact with the database and could be able to read, modify and delete data on it. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23753 |
CVE-2023-31060 | Repetier Server through 1.4.10 executes as SYSTEM. This can be leveraged in conjunction with CVE-2023-31059 for full compromise. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31060 |
CVE-2023-22581 | White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22581 |
CVE-2023-25132 | Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25132 |
CVE-2023-25133 | Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25133 |
CVE-2022-48477 | In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48477 |
CVE-2023-30368 | Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30368 |
CVE-2023-30369 | Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30369 |
CVE-2023-30370 | In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30370 |
CVE-2023-30371 | In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-based buffer overflow vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30371 |
CVE-2023-30372 | In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack-based buffer overflow vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30372 |
CVE-2023-30373 | In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30373 |
CVE-2023-30375 | In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-based buffer overflow vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30375 |
CVE-2023-30376 | In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30376 |
CVE-2023-30378 | In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-based buffer overflow vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30378 |
CVE-2023-27524 | Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27524 |
CVE-2023-1020 | The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1020 |
CVE-2023-20852 | aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20852 |
CVE-2023-20853 | aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20853 |
CVE-2023-28697 | Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28697 |
CVE-2023-2136 | Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-2136 |
CVE-2023-1892 | Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-1892 |
CVE-2023-28131 | A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc). | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-28131 |
CVE-2022-48312 | The HwPCAssistant module has the out-of-bounds read/write vulnerability. Successful exploitation of this vulnerability may affect confidentiality and integrity. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-48312 |
CVE-2023-28863 | AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28863 |
CVE-2023-2193 | Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.\n | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2193 |
CVE-2023-26556 | io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.) | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26556 |
CVE-2022-45064 | The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power.\n\n\n\n\nPlease update to Apache Sling Engine >= 2.14.0 and enable the "Check Content-Type overrides" configuration option.\n\n\n\n\n | 9 | https://nvd.nist.gov/vuln/detail/CVE-2022-45064 |
CVE-2023-29207 | XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro that is included since XWiki 3.5M1 and doesn't require script rights, this can be demonstrated with the syntax `{{documents id="example" count="5" actions="false" columns="doc.title, before--redacted--after"/}}`. Therefore, this can also be exploited by users without script right and in comments. With the interaction of a user with more rights, this could be used to execute arbitrary actions in the wiki, including privilege escalation, remote code execution, information disclosure, modifying or deleting content. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10.\ | 9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29207 |
CVE-2023-29528 | XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid HTML comments. As a consequence, any code relying on this "restricted" mode for security is vulnerable to JavaScript injection ("cross-site scripting"/XSS). When a privileged user with programming rights visits such a comment in XWiki, the malicious JavaScript code is executed in the context of the user session. This allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. This problem has been patched in XWiki 14.10, HTML comments are now removed in restricted mode and a check has been introduced that ensures that comments don't start with `>`. There are no known workarounds apart from upgrading to a version including the fix.\n | 9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29528 |
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2016-0989 | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-0989 |
CVE-2016-0999 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-1000. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-0999 |
CVE-2017-6411 | Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-6411 |
CVE-2017-5874 | CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-5874 |
CVE-2017-7398 | D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-7398 |
CVE-2017-7852 | D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-7852 |
CVE-2017-7851 | D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-7851 |
CVE-2017-3193 | Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-3193 |
CVE-2018-5371 | diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-5371 |
CVE-2018-8941 | Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /userfs/bin/tcapi. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-8941 |
CVE-2015-0151 | Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-0151 |
CVE-2017-17020 | On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-17020 |
CVE-2018-10713 | An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10713 |
CVE-2018-10746 | An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10746 |
CVE-2018-10747 | An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10747 |
CVE-2018-10748 | An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10748 |
CVE-2018-10749 | An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10749 |
CVE-2018-10750 | An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10750 |
CVE-2018-10957 | CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10957 |
CVE-2018-10967 | On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10967 |
CVE-2018-3865 | An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "cameraIp" value in order to exploit this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3865 |
CVE-2018-17442 | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-17442 |
CVE-2018-10823 | An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10823 |
CVE-2018-20057 | An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-20057 |
CVE-2019-9122 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntp_server parameter in an ntp_sync.cgi POST request. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-9122 |
CVE-2019-13263 | D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13263 |
CVE-2019-13264 | D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13264 |
CVE-2019-13265 | D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13265 |
CVE-2013-4855 | D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2013-4855 |
CVE-2013-7051 | D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2013-7051 |
CVE-2013-7053 | D-Link DIR-100 4.03B07: cli.cgi CSRF | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2013-7053 |
CVE-2020-9534 | fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup webpage parameter when f_radius_ip1 is malformed. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-9534 |
CVE-2020-9535 | fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup_Wizard webpage parameter when f_radius_ip1 is malformed. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-9535 |
CVE-2020-15633 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-10835. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-15633 |
CVE-2020-24579 | An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24579 |
CVE-2021-27248 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27248 |
CVE-2021-27249 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11369. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27249 |
CVE-2021-39537 | An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39537 |
CVE-2021-34861 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12104. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-34861 |
CVE-2021-34862 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13270. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-34862 |
CVE-2021-34863 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:page parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13271. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-34863 |
CVE-2022-33891 | The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33891 |
CVE-2022-36359 | An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36359 |
CVE-2022-46763 | A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46763 |
CVE-2023-21549 | Windows SMB Witness Service Elevation of Privilege Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21549 |
CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21674 |
CVE-2023-21676 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21676 |
CVE-2023-21681 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21681 |
CVE-2023-21732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21732 |
CVE-2023-21742 | Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21742 |
CVE-2023-21744 | Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21744 |
CVE-2023-24343 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24343 |
CVE-2023-24344 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24344 |
CVE-2023-24345 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24345 |
CVE-2023-24346 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24346 |
CVE-2023-24347 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24347 |
CVE-2023-22579 | Due to improper parameter filtering in the sequalize js library, can a attacker peform injection. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22579 |
CVE-2023-25358 | A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25358 |
CVE-2023-25360 | A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25360 |
CVE-2023-25361 | A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25361 |
CVE-2023-25362 | A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25362 |
CVE-2023-25363 | A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25363 |
CVE-2023-27475 | Goutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version 0.6.0, users are advised to upgrade. There are no known workarounds for this issue. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27475 |
CVE-2022-27645 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27645 |
CVE-2023-28205 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28205 |
CVE-2023-22612 | An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22612 |
CVE-2023-22613 | An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22613 |
CVE-2023-2033 | Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2033 |
CVE-2021-45464 | kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45464 |
CVE-2023-29211 | XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights `WikiManager.DeleteWiki` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the `wikiId` url parameter. The problem has been patched on XWiki 13.10.11, 14.4.7, and 14.10. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29211 |
CVE-2023-29212 | XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the included pages in the included documents edit panel. The problem has been patched on XWiki 14.4.7, and 14.10. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29212 |
CVE-2023-29214 | XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the included pages in the IncludedDocuments panel. The problem has been patched on XWiki 14.4.7, and 14.10. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29214 |
CVE-2023-29511 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., it's own user page), can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the section ids in `XWiki.AdminFieldsDisplaySheet`. This page is installed by default. The vulnerability has been patched in XWiki versions 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29511 |
CVE-2023-30537 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with the right to add an object on a page can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the styles properties `FlamingoThemesCode.WebHome`. This page is installed by default. The vulnerability has been patched in XWiki versions 13.10.11, 14.4.7 and 14.10. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30537 |
CVE-2023-30542 | OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint (`propose`) in `GovernorCompatibilityBravo` allows the creation of proposals with a `signatures` array shorter than the `calldatas` array. This causes the additional elements of the latter to be ignored, and if the proposal succeeds the corresponding actions would eventually execute without any calldata. The `ProposalCreated` event correctly represents what will eventually execute, but the proposal parameters as queried through `getActions` appear to respect the original intended calldata. This issue has been patched in 4.8.3. As a workaround, ensure that all proposals that pass through governance have equal length `signatures` and `calldatas` parameters. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30542 |
CVE-2023-1109 | In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1109 |
CVE-2023-2017 | Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\\Core\\Framework\\Adapter\\Twig\\SecurityExtension` and call any arbitrary PHP function and thus execute arbitrary code/commands via usage of fully-qualified names, supplied as array of strings, when referencing callables. Users are advised to upgrade to v6.4.20.1 to resolve this issue. This is a bypass of CVE-2023-22731.\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2017 |
CVE-2023-27755 | go-bbs v1 was discovered to contain an arbitrary file download vulnerability via the component /api/v1/download. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27755 |
CVE-2023-29213 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of `org.xwiki.platform:xwiki-platform-logging-ui` it is possible to trick a user with programming rights into visiting a constructed url where e.g., by embedding an image with this URL in a document that is viewed by a user with programming rights which will evaluate an expression in the constructed url and execute it. This issue has been addressed in versions 13.10.11, 14.4.7, and 14.10. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29213 |
CVE-2023-30539 | Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit access of others or being able to grant them access when there are system tag based files access control or files retention rules. It is recommended that the Nextcloud Server is upgraded to 24.0.11 or 25.0.5, the Nextcloud Enterprise Server to 21.0.9.11, 22.2.10.11, 23.0.12.6, 24.0.11 or 25.0.5, and the Nextcloud Files automated tagging app to 1.11.1, 1.12.1, 1.13.1, 1.14.2, 1.15.3 or 1.16.1. Users unable to upgrade should disable all workflow related apps. Users are advised to upgrade. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30539 |
CVE-2021-41612 | An issue was discovered in the ALU unit of the OpenRISC mor1kx processor. The carry flag is not being updated correctly for the subtract instruction, which results in an incorrect value of the carry flag. Any software that relies on this flag may experience corruption in execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41612 |
CVE-2023-27976 | \nA CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause\nremote code execution when a valid user visits a malicious link provided through the web\nendpoints. Affected Products: EcoStruxure Control Expert (V15.1 and above) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27976 |
CVE-2023-25556 | \nA CWE-287: Improper Authentication vulnerability exists that could allow a device to be\ncompromised when a key of less than seven digits is entered and the attacker has access to the\nKNX installation.\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25556 |
CVE-2023-22294 | Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22294 |
CVE-2023-25547 | \nA CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution\non upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25547 |
CVE-2023-28003 | \n\n\nA CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to\nmaintain unauthorized access over a hijacked session in PME after the legitimate user has\nsigned out of their account.\n\n\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28003 |
CVE-2023-29410 | \nA CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated\nattacker to gain the same privilege as the application on the server when a malicious payload is\nprovided over HTTP for the server to execute. \n\n \n\n\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29410 |
CVE-2023-29510 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In XWiki, every user can add translations that are only applied to the current user. This also allows overriding existing translations. Such translations are often included in privileged contexts without any escaping which allows remote code execution for any user who has edit access on at least one document which could be the user's own profile where edit access is enabled by default. A mitigation for this vulnerability is part of XWiki 14.10.2 and XWiki 15.0 RC1: translations with user scope now require script right. This means that regular users cannot exploit this anymore as users don't have script right by default anymore starting with XWiki 14.10. There are no known workarounds apart from upgrading to a patched versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29510 |
CVE-2023-29512 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., it's own user page), can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the information loaded from attachments in `imported.vm`, `importinline.vm`, and `packagelist.vm`. This page is installed by default. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29512 |
CVE-2023-29514 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on any document (e.g., their own user profile) can execute code with programming rights, leading to remote code execution. This vulnerability has been patched in XWiki 13.10.11, 14.4.8, 14.10.1 and 15.0 RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29514 |
CVE-2023-29516 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on `XWiki.AttachmentSelector` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping in the "Cancel and return to page" button. This page is installed by default. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. There are no known workarounds for this vulnerability.\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29516 |
CVE-2023-29518 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of `Invitation.InvitationCommon`. This page is installed by default. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29518 |
CVE-2023-29519 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own dashboard. Note that the vulnerability does not impact comments of a wiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.8, 14.10.2, 15.0-rc-1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29519 |
CVE-2023-29521 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of `Macro.VFSTreeMacro`. This page is not installed by default.This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.2, 14.4.8, 13.10.11. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29521 |
CVE-2023-29522 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. This issue has been patched in XWiki 14.4.8, 14.10.3 and 15.0RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29522 |
CVE-2023-29523 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The same vulnerability can also be exploited in other contexts where the `display` method on a document is used to display a field with wiki syntax, for example in applications created using `App Within Minutes`. This has been patched in XWiki 13.10.11, 14.4.8, 14.10.2 and 15.0RC1. There is no workaround apart from upgrading. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29523 |
CVE-2023-29524 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute anything with the right of the Scheduler Application sheet page. A user without script or programming rights, edit your user profile with the object editor and add a new object of type XWiki.SchedulerJobClass, In "Job Script", groovy code can be added and will be executed in the server context on viewing. This has been patched in XWiki 14.10.3 and 15.0 RC1. Users are advised to upgrade. There are no known workarounds for this issue. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29524 |
CVE-2023-29525 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwiki are subject to code injection in the `since` parameter of the `/xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministration` endpoint. This provides an XWiki syntax injection attack via the since-parameter, allowing privilege escalation from view to programming rights and subsequent code execution privilege. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8 and 14.10.3. Users are advised to upgrade. Users unable to upgrade may modify the page `XWiki.Notifications.Code.LegacyNotificationAdministration` to add the missing escaping. For versions < 14.6-rc-1 a workaround is to modify the file `<xwikiwebapp>/templates/distribution/eventmigration.wiki` to add the missing escaping. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29525 |
CVE-2023-29526 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to display or interact with any page a user cannot access through the combination of the async and display macros. A comment with either macro will be executed when viewed providing a code injection vector in the context of the running server. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29526 |
CVE-2023-29527 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions a user without script or programming right may edit a user profile (or any other document) with the wiki editor and add groovy script content. Viewing the document after saving it will execute the groovy script in the server context which provides code execution. This vulnerability has been patched in XWiki 15.0-rc-1 and 14.10.3. Users are advised to upgrade. There are no known workarounds for this issue. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29527 |
CVE-2023-2133 | Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2133 |
CVE-2023-2134 | Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2134 |
CVE-2023-2137 | Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2137 |
CVE-2022-4308 | Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4308 |
CVE-2023-22645 | An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller This issue affects: SUSE kubewarden kubewarden-controller versions prior to 1.6.0. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22645 |
CVE-2023-25760 | Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25760 |
CVE-2021-33974 | Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Chrome (https://browser.360.cn/ee/) is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: This is a set of vulnerabilities affecting popular software, and the installation packages correspond to versions "360 Safeguard(12.1.0.1004,12.1.0.1005,13.1.0.1001)" , "360 Total Security(10.8.0.1060,10.8.0.1213)", "360 Safe Browser & 360 Chrome(12. The attack vector is: On the browser vulnerability, just open a link to complete the vulnerability exploitation remotely; on the client software, you need to locally execute the vulnerability exploitation program, which of course can be achieved with the full chain of browser vulnerability. ¶¶ This is a set of the most serious vulnerabilities that exist on Qihoo 360's PC client multiple popular software, remote vulnerabilities can be accomplished by opening a link to arbitrary code execution on both security browsers, in conjunction with the exploitation of local vulnerabilities that allow spyware to persist without being scanned to permanently reside on the target PC computer (because local vulnerabilities target Qihoo 360 company's antivirus software kernel flaws); this set of remote and local vulnerabilities in perfect coordination, to achieve an information security fallacy, on Qihoo 360's antivirus software vulnerability, not only can not be scanned out of the virus, but will help the virus persistently control the target computer, while Qihoo 360 claims to be a secure browser, which exists in the kernel vulnerability but help the composition of the remote vulnerability.(Security expert "Memory Corruptor" have reported this set of vulnerabilities to the corresponding vendor, all vulnerabilities have been fixed and the vendor rewarded thousands of dollars to this security expert) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33974 |
CVE-2023-26876 | SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26876 |
CVE-2023-2240 | Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2240 |
CVE-2023-25507 | NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25507 |
CVE-2023-2242 | A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component GET Parameter Handler. The manipulation of the argument c/s leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227227. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2242 |
CVE-2023-2243 | A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file users/registration.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227228. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2243 |
CVE-2022-4944 | A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.50 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227000. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4944 |
CVE-2022-45074 | Cross-Site Request Forgery (CSRF) vulnerability in Paramveer Singh for Arete IT Private Limited Activity Reactions For Buddypress plugin <= 1.0.22 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45074 |
CVE-2022-45080 | Cross-Site Request Forgery (CSRF) vulnerability in KrishaWeb Add Multiple Marker plugin <= 1.2 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45080 |
CVE-2023-22686 | Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice PayPal Button Lite plugin <= 1.3.5 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22686 |
CVE-2023-23879 | Cross-Site Request Forgery (CSRF) vulnerability in Nicolas Zeh PHP Execution plugin <= 1.0.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23879 |
CVE-2023-31061 | Repetier Server through 1.4.10 does not have CSRF protection. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31061 |
CVE-2023-29849 | Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29849 |
CVE-2023-24836 | SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24836 |
CVE-2021-23186 | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system. | 8.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-23186 |
CVE-2018-15517 | The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2018-15517 |
CVE-2023-26360 | Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-26360 |
CVE-2020-17354 | LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, safe mode is removed, and the product no longer tries to block code execution when external files are used. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-17354 |
CVE-2023-22615 | An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM. | 8.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22615 |
CVE-2023-21775 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21775 |
CVE-2023-21795 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21795 |
CVE-2023-21796 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21796 |
CVE-2018-3915 | An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-3915 |
CVE-2023-1668 | A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-1668 |
CVE-2023-28960 | An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then inadvertently start the Docker container leading to the malicious files being executed as root. This issue only affects systems with Docker configured and enabled, which is not enabled by default. Systems without Docker started are not vulnerable to this issue. This issue affects Juniper Networks Junos OS Evolved: 20.4 versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-28960 |
CVE-2023-25506 | NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-25506 |
CVE-2016-10125 | D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-10125 |
CVE-2016-1559 | D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-1559 |
CVE-2017-14418 | The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-14418 |
CVE-2018-10641 | D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-10641 |
CVE-2019-16255 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-16255 |
CVE-2022-27438 | Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-27438 |
CVE-2022-43548 | A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-43548 |
CVE-2020-10650 | A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-10650 |
CVE-2023-21535 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21535 |
CVE-2023-21543 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21543 |
CVE-2023-21546 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21546 |
CVE-2023-21548 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21548 |
CVE-2023-21555 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21555 |
CVE-2023-21556 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21556 |
CVE-2023-21679 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21679 |
CVE-2023-25552 | \n\n\nA CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized\ncontent, changes or deleting of content, or performing unauthorized functions when tampering\nthe Device File Transfer settings on DCE endpoints. \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25552 |
CVE-2023-25555 | \n\n\n\n\n\n\n\n\n\n\n\n\n\n\nA CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS\nCommand Injection') vulnerability exists that could allow a user that knows the credentials to\nexecute unprivileged shell commands on the appliance over SSH. \n\n \n\n\n\n\n\n \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25555 |
CVE-2023-21712 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21712 |
CVE-2017-5633 | Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2017-5633 |
CVE-2018-12710 | An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2018-12710 |
CVE-2020-24581 | An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user execute Operating System commands. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24581 |
CVE-2023-21745 | Microsoft Exchange Server Spoofing Vulnerability | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21745 |
CVE-2023-21762 | Microsoft Exchange Server Spoofing Vulnerability | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21762 |
CVE-2017-14424 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14424 |
CVE-2017-14425 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14425 |
CVE-2017-14426 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14426 |
CVE-2017-14427 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14427 |
CVE-2017-14428 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14428 |
CVE-2018-0417 | A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. An attacker could exploit this vulnerability by authenticating via TACACS to the GUI on the affected device. A successful exploit could allow an attacker to create local user accounts with administrative privileges on an affected WLC and execute other commands that are not allowed from the CLI and should be prohibited. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-0417 |
CVE-2019-20499 | D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-20499 |
CVE-2019-20500 | D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-20500 |
CVE-2019-20501 | D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-20501 |
CVE-2022-4065 | A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 and 7.7.1 is able to address this issue. The name of the patch is 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-214027. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4065 |
CVE-2023-21524 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21524 |
CVE-2023-21537 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21537 |
CVE-2023-21541 | Windows Task Scheduler Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21541 |
CVE-2023-21551 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21551 |
CVE-2023-21552 | Windows GDI Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21552 |
CVE-2023-21558 | Windows Error Reporting Service Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21558 |
CVE-2023-21561 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21561 |
CVE-2023-21675 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21675 |
CVE-2023-21678 | Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21678 |
CVE-2023-21680 | Windows Win32k Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21680 |
CVE-2023-21724 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21724 |
CVE-2023-21726 | Windows Credential Manager User Interface Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21726 |
CVE-2023-21730 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21730 |
CVE-2023-21734 | Microsoft Office Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21734 |
CVE-2023-21735 | Microsoft Office Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21735 |
CVE-2023-21736 | Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21736 |
CVE-2023-21737 | Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21737 |
CVE-2023-21746 | Windows NTLM Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21746 |
CVE-2023-21747 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21747 |
CVE-2023-21748 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21748 |
CVE-2023-21749 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21749 |
CVE-2023-21754 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21754 |
CVE-2023-21755 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21755 |
CVE-2023-21763 | Microsoft Exchange Server Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21763 |
CVE-2023-21764 | Microsoft Exchange Server Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21764 |
CVE-2023-21765 | Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21765 |
CVE-2023-21767 | Windows Overlay Filter Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21767 |
CVE-2023-21768 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21768 |
CVE-2023-21772 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21772 |
CVE-2023-21773 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21773 |
CVE-2023-21774 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21774 |
CVE-2023-21779 | Visual Studio Code Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21779 |
CVE-2023-21780 | 3D Builder Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21780 |
CVE-2023-21781 | 3D Builder Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21781 |
CVE-2023-21782 | 3D Builder Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21782 |
CVE-2023-21783 | 3D Builder Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21783 |
CVE-2023-21784 | 3D Builder Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21784 |
CVE-2023-21785 | 3D Builder Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21785 |
CVE-2023-21786 | 3D Builder Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21786 |
CVE-2023-21787 | 3D Builder Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21787 |
CVE-2023-21788 | 3D Builder Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21788 |
CVE-2023-21789 | 3D Builder Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21789 |
CVE-2023-21790 | 3D Builder Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21790 |
CVE-2023-21791 | 3D Builder Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21791 |
CVE-2023-21792 | 3D Builder Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21792 |
CVE-2023-21793 | 3D Builder Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21793 |
CVE-2023-0127 | A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0127 |
CVE-2023-23420 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23420 |
CVE-2023-23421 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23421 |
CVE-2023-23422 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23422 |
CVE-2023-23423 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23423 |
CVE-2023-1281 | Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root.\nThis issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1281 |
CVE-2023-28759 | An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28759 |
CVE-2023-28772 | An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28772 |
CVE-2022-37381 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFSpecial_KeystrokeEx method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17110. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37381 |
CVE-2021-46878 | An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file and trick the victim opening it using the affect software, triggering use-after-free and execute arbitrary code on the target system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46878 |
CVE-2021-46879 | An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and tick the victim to open the file with the software, triggering a heap overflow and execute arbitrary code on the target system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46879 |
CVE-2023-27909 | An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27909 |
CVE-2023-27910 | A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27910 |
CVE-2023-27911 | A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27911 |
CVE-2023-28966 | An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an attacker with access to these files and folders to inject CLI commands as root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28966 |
CVE-2021-41614 | An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The read/write access permissions to the Exception Program Counter Register (EPCR) are not implemented correctly. User programs from an unauthorized privilege level can make read/write accesses to EPCR. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41614 |
CVE-2023-25554 | \n\n\n\n\nA CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS\nCommand Injection') vulnerability exists that allows a local privilege escalation on the appliance\nwhen a maliciously crafted Operating System command is entered on the device.\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25554 |
CVE-2021-0872 | In PVRSRVBridgeRGXKickVRDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270401229 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0872 |
CVE-2021-0873 | In PVRSRVBridgeRGXKickRS of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270392711 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0873 |
CVE-2021-0874 | In PVRSRVBridgeDevicememHistorySparseChange of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270399633 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0874 |
CVE-2021-0875 | In PVRSRVBridgeChangeSparseMem of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270400061 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0875 |
CVE-2021-0876 | In PVRSRVBridgePhysmemNewRamBackedLockedPMR of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270400229 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0876 |
CVE-2021-0878 | In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270399153 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0878 |
CVE-2021-0879 | In PVRSRVBridgeRGXTDMSubmitTransfer of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270397970 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0879 |
CVE-2021-0880 | In PVRSRVBridgeRGXKickTA3D of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270396792 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0880 |
CVE-2021-0881 | In PVRSRVBridgeRGXKickCDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270396350 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0881 |
CVE-2021-0882 | In PVRSRVBridgeRGXKickSync of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270395803 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0882 |
CVE-2021-0883 | In PVRSRVBridgeCacheOpQueue of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270395013 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0883 |
CVE-2021-0884 | In PVRSRVBridgePhysmemImportSparseDmaBuf of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270393454 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0884 |
CVE-2021-0885 | In PVRSRVBridgeSyncPrimOpTake of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270401914 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0885 |
CVE-2023-20950 | In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-195756028 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20950 |
CVE-2023-20967 | In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-225879503 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20967 |
CVE-2023-21081 | In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-230492955 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21081 |
CVE-2023-21083 | In onNullBinding of CallScreeningServiceHelper.java, there is a possible way to record audio without showing a privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252762941 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21083 |
CVE-2023-21092 | In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242040055 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21092 |
CVE-2023-21093 | In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-228450832 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21093 |
CVE-2023-21094 | In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-248031255 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21094 |
CVE-2023-21097 | In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261858325 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21097 |
CVE-2023-21100 | In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-242544249 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21100 |
CVE-2023-28122 | A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM.This vulnerability is fixed in Version 0.62.3 and later. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28122 |
CVE-2021-33973 | Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v12.1.0.1005, v13.1.0.1001 allows attacker to escalate priveleges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33973 |
CVE-2023-28047 | \nDell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28047 |
CVE-2023-2112 | Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2112 |
CVE-2022-36788 | A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially-crafted STL file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36788 |
CVE-2023-23579 | \n\n\n\n\n\n\n\n\nDatakit CrossCadWare_x64.dll contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This could allow an attacker to execute code in the context of the current process. \n\n \n\n \n\n \n\n \n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23579 |
CVE-2023-2176 | A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2176 |
CVE-2022-47505 | The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47505 |
CVE-2023-0184 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0184 |
CVE-2023-0202 | NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0202 |
CVE-2023-0206 | NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0206 |
CVE-2023-0209 | NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0209 |
CVE-2023-25505 | NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25505 |
CVE-2023-25508 | NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25508 |
CVE-2023-25509 | NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25509 |
CVE-2023-2241 | A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2241 |
CVE-2023-30533 | SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30533 |
CVE-2023-25348 | ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25348 |
CVE-2023-0203 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | 7.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-0203 |
CVE-2023-0204 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service. | 7.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-0204 |
CVE-2023-0205 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | 7.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-0205 |
CVE-2015-3276 | The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2015-3276 |
CVE-2015-7245 | Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2015-7245 |
CVE-2017-14422 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-14422 |
CVE-2017-14423 | htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-14423 |
CVE-2017-14430 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-14430 |
CVE-2015-0153 | D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2015-0153 |
CVE-2018-17880 | On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-17880 |
CVE-2018-14080 | An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-14080 |
CVE-2018-10822 | Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-10822 |
CVE-2018-18441 | D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-18441 |
CVE-2018-18442 | D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live-online video/audio streaming) by using the hping3 tool to perform an IPv4 flood attack. Verified attacks includes SYN flooding, UDP flooding, ICMP flooding, and SYN-ACK flooding. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-18442 |
CVE-2019-9126 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is an information disclosure vulnerability via requests for the router_info.xml document. This will reveal the PIN code, MAC address, routing table, firmware version, update time, QOS information, LAN information, and WLAN information of the device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-9126 |
CVE-2019-16201 | WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16201 |
CVE-2019-19223 | A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-19223 |
CVE-2019-19224 | A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-19224 |
CVE-2019-19225 | A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-19225 |
CVE-2019-19226 | A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin interface. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-19226 |
CVE-2019-15655 | D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead to saving the configuration file. The password is stored in cleartext. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-15655 |
CVE-2019-15656 | D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-15656 |
CVE-2020-13136 | D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13136 |
CVE-2020-12695 | The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-12695 |
CVE-2020-15894 | An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-15894 |
CVE-2020-25078 | An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-25078 |
CVE-2020-25613 | An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-25613 |
CVE-2020-29573 | sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-29573 |
CVE-2020-24580 | An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Lack of authentication functionality allows an attacker to assign a static IP address that was once used by a valid user. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-24580 |
CVE-2021-32785 | mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32785 |
CVE-2021-40690 | All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40690 |
CVE-2021-46102 | From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in the file src/elf.rs has an integer overflow bug because the sym.st_value is read directly from ELF file without checking. If the sym.st_value is rather large, an integer overflow is triggered while calculating the variable "addr" via "addr = (sym.st_value + refd_pa) as u64"; | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46102 |
CVE-2018-25032 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-25032 |
CVE-2022-21449 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21449 |
CVE-2022-21476 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21476 |
CVE-2022-31264 | Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31264 |
CVE-2022-34169 | The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34169 |
CVE-2022-1941 | A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1941 |
CVE-2022-42725 | Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42725 |
CVE-2022-3171 | A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3171 |
CVE-2022-41323 | In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41323 |
CVE-2022-35261 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_authorized_keys/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35261 |
CVE-2022-35262 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_xml_file/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35262 |
CVE-2022-35263 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_file/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35263 |
CVE-2022-35264 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_aaa_cert_file/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35264 |
CVE-2022-3109 | An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3109 |
CVE-2022-43551 | A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43551 |
CVE-2023-21527 | Windows iSCSI Service Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21527 |
CVE-2023-21538 | .NET Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21538 |
CVE-2023-21539 | Windows Authentication Remote Code Execution Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21539 |
CVE-2023-21547 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21547 |
CVE-2023-21557 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21557 |
CVE-2023-21677 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21677 |
CVE-2023-21683 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21683 |
CVE-2023-21728 | Windows Netlogon Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21728 |
CVE-2023-21757 | Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21757 |
CVE-2023-21758 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21758 |
CVE-2023-21761 | Microsoft Exchange Server Information Disclosure Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21761 |
CVE-2023-23969 | In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23969 |
CVE-2023-0215 | The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.\n\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0215 |
CVE-2023-22795 | A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22795 |
CVE-2023-24580 | An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24580 |
CVE-2023-22580 | Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22580 |
CVE-2023-0994 | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0994 |
CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24858 |
CVE-2023-28626 | comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-047` | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28626 |
CVE-2023-28755 | A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28755 |
CVE-2023-28756 | A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28756 |
CVE-2023-28625 | mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28625 |
CVE-2023-1992 | RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1992 |
CVE-2022-47501 | Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a \npre-authentication attack.\nThis issue affects Apache OFBiz: before 18.12.07.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47501 |
CVE-2023-2004 | An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2004 |
CVE-2022-47522 | The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47522 |
CVE-2021-43612 | In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43612 |
CVE-2023-1831 | Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1831 |
CVE-2023-27705 | APNG_Optimizer v1.4 was discovered to contain a buffer overflow via the component /apngopt/ubuntu.png. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27705 |
CVE-2023-28964 | An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause an RPD crash leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Upon receipt of a malformed BGP flowspec update, RPD will crash resulting in a Denial of Service. This issue affects Juniper Networks Junos OS: All versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2; Juniper Networks Junos OS Evolved: All versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R2-EVO; 20.3 versions prior to 20.3R2-EVO; | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28964 |
CVE-2023-28965 | An Improper Check or Handling of Exceptional Conditions within the storm control feature of Juniper Networks Junos OS allows an attacker sending a high rate of traffic to cause a Denial of Service. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. Storm control monitors the level of applicable incoming traffic and compares it with the level specified. If the combined level of the applicable traffic exceeds the specified level, the switch drops packets for the controlled traffic types. This issue affects Juniper Networks Junos OS on QFX10002: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28965 |
CVE-2023-28967 | A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP packets to a device configured with BGP to cause a Denial of Service (DoS) by crashing the Routing Protocol Daemon (rpd). This issue is triggered when the packets attempt to initiate a BGP connection before a BGP session is successfully established. Continued receipt of these specific BGP packets will cause a sustained Denial of Service condition. This issue is triggerable in both iBGP and eBGP deployments. This issue affects: Juniper Networks Junos OS 21.1 version 21.1R1 and later versions prior to 21.1R3-S5; 21.2 version 21.2R1 and later versions prior to 21.2R3-S2; 21.3 version 21.3R1 and later versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1. This issue affects: Juniper Networks Junos OS Evolved 21.1-EVO version 21.1R1-EVO and later versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R3-EVO; 22.2-EVO versions prior to 22.2R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28967 |
CVE-2023-28976 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If specific traffic is received on MX Series and its rate exceeds the respective DDoS protection limit the ingress PFE will crash and restart. Continued receipt of this traffic will create a sustained DoS condition. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S5; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28976 |
CVE-2023-28982 | A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a BGP rib sharding scenario, when an attribute of an active BGP route is updated memory will leak. As rpd memory usage increases over time the rpd process will eventually run out of memory, crash, and restart. The memory utilization can be monitored with the following CLI commands: show task memory show system processes extensive | match rpd This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28982 |
CVE-2023-21912 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.41 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21912 |
CVE-2023-29887 | A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29887 |
CVE-2023-29413 | \nA CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause\nDenial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor\nservice. \n\n \n\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29413 |
CVE-2023-30608 | sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30608 |
CVE-2023-29517 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The office document viewer macro was allowing anyone to see any file content from the hosting server, provided that the office server was connected and depending on the permissions of the user running the servlet engine (e.g. tomcat) running XWiki. The same vulnerability also allowed to perform internal requests to resources from the hosting server. The problem has been patched in XWiki 13.10.11, 14.10.1, 14.4.8, 15.0-rc-1. Users are advised to upgrade. It might be possible to workaround this vulnerability by running XWiki in a sandbox with a user with very low privileges on the machine.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29517 |
CVE-2023-2135 | Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2135 |
CVE-2023-25619 | \nA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that\ncould cause denial of service of the controller when communicating over the Modbus TCP\nprotocol. \n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25619 |
CVE-2023-30463 | Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow in pico_ipv6_alloc when processing large ICMPv6 packets. This affects installations with Ethernet support in which a packet size greater than 65495 may occur. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30463 |
CVE-2023-22893 | Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that use AWS Cognito for authentication. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22893 |
CVE-2023-30797 | \n\nNetflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30797 |
CVE-2023-0383 | \nUser-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1\n\n due to uncontrolled memory consumption.\n\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0383 |
CVE-2023-0384 | \nUser-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1\n\n due to uncontrolled memory consumption for a scheduled job.\n\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0384 |
CVE-2023-27351 | This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27351 |
CVE-2023-2204 | A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file faqs.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226969 was assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2204 |
CVE-2023-2205 | A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-226970 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2205 |
CVE-2023-2207 | A vulnerability classified as critical was found in Campcodes Retro Basketball Shoes Online Store 1.0. This vulnerability affects unknown code of the file contactus1.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226972. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2207 |
CVE-2023-2208 | A vulnerability, which was classified as critical, has been found in Campcodes Retro Basketball Shoes Online Store 1.0. This issue affects some unknown processing of the file details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226973 was assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2208 |
CVE-2023-2209 | A vulnerability, which was classified as critical, was found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/sales/view_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226974 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2209 |
CVE-2023-2210 | A vulnerability has been found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/categories/view_category.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226975. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2210 |
CVE-2023-2211 | A vulnerability was found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226976. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2211 |
CVE-2023-2212 | A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226977 was assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2212 |
CVE-2023-2213 | A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/products/manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226978 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2213 |
CVE-2023-2214 | A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/sales/manage_sale.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226979. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2214 |
CVE-2023-30798 | There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30798 |
CVE-2023-26557 | io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.) | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26557 |
CVE-2023-30620 | mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using `tarfile.extractall()` from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the vulnerability is called a TarSlip or a ZipSlip variant. An attacker may leverage this vulnerability to overwrite any local file which the server process has access to. There is no risk of file exposure with this vulnerability. This issue has been addressed in release `23.2.1.0 `. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30620 |
CVE-2023-31043 | EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17, 13.9.13, and 14.6.0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31043 |
CVE-2023-31059 | Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31059 |
CVE-2023-22577 | Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22577 |
CVE-2022-48476 | In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48476 |
CVE-2021-23203 | Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-23203 |
CVE-2021-32066 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-32066 |
CVE-2023-21930 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-21930 |
CVE-2018-10431 | D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-10431 |
CVE-2018-6211 | On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-6211 |
CVE-2018-16408 | D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-16408 |
CVE-2018-3953 | Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal, it enters a code path that continues until it reaches offset 0x0042B5C4 in the 'start_lltd' function. Within the 'start_lltd' function, a 'nvram_get' call is used to obtain the value of the user-controlled 'machine_name' NVRAM entry. This value is then entered directly into a command intended to write the host name to a file and subsequently executed. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-3953 |
CVE-2018-3954 | Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-3954 |
CVE-2018-3955 | An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the 'Domain Name' input field through the web portal is submitted to apply.cgi as the value to the 'wan_domain' POST parameter. The wan_domain data goes through the nvram_set process described above. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-3955 |
CVE-2012-6614 | D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2012-6614 |
CVE-2020-6842 | D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-6842 |
CVE-2023-24685 | ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-24685 |
CVE-2023-29507 | XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking rights. The problem has been patched in XWiki 14.10 and 14.4.7 by returning a safe script API. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-29507 |
CVE-2023-27733 | DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-27733 |
CVE-2023-28971 | An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (PAA) (Formerly Netrounds) allows an attacker to bypass existing firewall rules and limitations used to restrict internal communcations. The Test Agents (TA) Appliance connects to the Control Center (CC) using OpenVPN. TA's are assigned an internal IP address in the 100.70.0.0/16 range. Firewall rules exists to limit communication from TA's to the CC to specific services only. OpenVPN is configured to not allow direct communication between Test Agents in the OpenVPN application itself, and routing is normally not enabled on the server running the CC application. The timescaledb feature is installed as an optional package on the Control Center. When the timescaledb container is started, this causes side-effects by bypassing the existing firewall rules and limitations for Test Agent communications. Note: This issue only affects customers hosting their own on-prem Control Center. The Paragon Active Assurance Software as a Service (SaaS) is not affected by this vulnerability since the timescaledb service is not enabled. This issue affects all on-prem versions of Juniper Networks Paragon Active Assurance prior to 4.1.2. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-28971 |
CVE-2023-2150 | A vulnerability, which was classified as critical, has been found in SourceCodester Task Reminder System 1.0. This issue affects some unknown processing of the file Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226271. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-2150 |
CVE-2023-2154 | A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/?page=reminders/view_reminder. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226275. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-2154 |
CVE-2023-29855 | WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-29855 |
CVE-2023-22621 | Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses the validation checks that should prevent code execution. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-22621 |
CVE-2023-20865 | VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-20865 |
CVE-2022-36963 | The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-36963 |
CVE-2023-21738 | Microsoft Office Visio Remote Code Execution Vulnerability | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21738 |
CVE-2023-21741 | Microsoft Office Visio Information Disclosure Vulnerability | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21741 |
CVE-2023-21750 | Windows Kernel Elevation of Privilege Vulnerability | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21750 |
CVE-2023-21752 | Windows Backup Service Elevation of Privilege Vulnerability | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21752 |
CVE-2023-21760 | Windows Print Spooler Elevation of Privilege Vulnerability | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21760 |
CVE-2023-1161 | ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1161 |
CVE-2023-28973 | An Improper Authorization vulnerability in the 'sysmanctl' shell command of Juniper Networks Junos OS Evolved allows a local, authenticated attacker to execute administrative commands that could impact the integrity of the system or system availability. Administrative functions such as daemon restarting, routing engine (RE) switchover, and node shutdown can all be performed through exploitation of the 'sysmanctl' command. Access to the 'sysmanctl' command is only available from the Junos shell. Neither direct nor indirect access to 'sysmanctl' is available from the Junos CLI. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R1-S2-EVO, 21.4R2-EVO. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28973 |
CVE-2023-21980 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21980 |
CVE-2018-18767 | An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2018-18767 |
CVE-2023-21531 | Azure Service Fabric Container Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21531 |
CVE-2023-21532 | Windows GDI Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21532 |
CVE-2023-21542 | Windows Installer Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21542 |
CVE-2023-21733 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21733 |
CVE-2023-21739 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21739 |
CVE-2023-21771 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21771 |
CVE-2023-28466 | do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-28466 |
CVE-2023-28140 | \nAn Executable Hijacking condition exists in the\nQualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers\nmay load a malicious copy of a Dependency Link Library (DLL) via a local\nattack vector instead of the DLL that the application was expecting, when\nprocesses are running with escalated privileges. This vulnerability\nis bounded only to the time of uninstallation and can only be exploited\nlocally.\n\n\n\nAt the time of this disclosure, versions before 4.0 are classified as End of\nLife.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-28140 |
CVE-2023-28142 | \nA Race Condition exists in the Qualys Cloud Agent for Windows\nplatform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to\nescalate privileges limited on the local machine during uninstallation of the\nQualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on\nthat asset to run arbitrary commands.\n\n\n\nAt the time of this disclosure, versions before 4.0 are classified as End\nof Life.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-28142 |
CVE-2023-28143 | \nQualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7)\ninstaller allows a local escalation of privilege bounded only to the time of\ninstallation and only on older macOSX (macOS 10.15 and older) versions.\nAttackers may exploit incorrect file permissions to give them ROOT command\nexecution privileges on the host. During the install of the PKG, a step in the\nprocess involves extracting the package and copying files to several\ndirectories. Attackers may gain writable access to files during the install of\nPKG when extraction of the package and copying files to several directories,\nenabling a local escalation of privilege.\n\n\n\n\n\n\n\n\n\n | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-28143 |
CVE-2023-21563 | BitLocker Security Feature Bypass Vulnerability | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21563 |
CVE-2023-28972 | An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on NFX Series systems, leading to a possible administrative bypass with physical access to the console. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. This is similar to the vulnerability described in CVE-2019-0035 but affects different platforms and in turn requires a different fix. This issue affects Juniper Networks Junos OS on NFX Series: 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S12; 20.2 versions prior to 20.2R3-S8; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28972 |
CVE-2022-47930 | An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47930 |
CVE-2018-3913 | An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2018-3913 |
CVE-2020-7580 | A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-7580 |
CVE-2023-29187 | A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. A successful attack depends on various preconditions beyond the attackers control.\n\n | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-29187 |
CVE-2022-37704 | Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-37704 |
CVE-2022-37705 | A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported), | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-37705 |
CVE-2022-34755 | \nA CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker\nwith a local privileged account to place a specially crafted file on the target machine, which may\ngive the attacker the ability to execute arbitrary code during the installation process initiated by a\nvalid user. Affected Products: Easergy Builder Installer (1.7.23 and prior) | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-34755 |
CVE-2023-21084 | In buildPropFile of filesystem.go, there is a possible insecure hash due to an improperly used crypto. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262892300 | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21084 |
CVE-2023-2194 | An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-2194 |
CVE-2023-0200 | NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-0200 |
CVE-2023-0201 | NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service, compromised integrity, and information disclosure. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-0201 |
CVE-2023-21560 | Windows Boot Manager Security Feature Bypass Vulnerability | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-21560 |
CVE-2023-20941 | In acc_ctrlrequest_composite of f_accessory.c, there is a possible out of bounds write due to a missing bounds check. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-264029575References: Upstream kernel | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-20941 |
CVE-2023-25512 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds memory read by running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-25512 |
CVE-2023-25513 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-25513 |
CVE-2023-25514 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-25514 |
CVE-2018-12103 | An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-12103 |
CVE-2013-4856 | D-Link DIR-865L has Information Disclosure. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2013-4856 |
CVE-2020-13135 | D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13135 |
CVE-2020-24578 | An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-24578 |
CVE-2021-27250 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11856. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-27250 |
CVE-2021-34860 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the getpage parameter provided to the webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-12103. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-34860 |
CVE-2022-0108 | Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0108 |
CVE-2022-35191 | D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35191 |
CVE-2023-21807 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21807 |
CVE-2023-24922 | Microsoft Dynamics 365 Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24922 |
CVE-2023-1801 | The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1801 |
CVE-2023-30456 | An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30456 |
CVE-2023-1993 | LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1993 |
CVE-2023-1994 | GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1994 |
CVE-2020-27545 | libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-27545 |
CVE-2020-28163 | libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-28163 |
CVE-2022-48313 | The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48313 |
CVE-2022-48314 | The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48314 |
CVE-2023-25504 | A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery\nattacks and query internal resources on behalf of the server where Superset\nis deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1.\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25504 |
CVE-2023-29004 | hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI (6.3.9.0 at the moment of writing this report). The vulnerability can be exploited via an HTTP request to /app/options.py and the config_file_name parameter. Successful exploitation of this vulnerability could allow an attacker with user level privileges to obtain the content of arbitrary files on the file server within the scope of what the server process has access to. The root-cause of the vulnerability lies in the get_config function of the /app/modules/config/config.py file, which only checks for relative path traversal, but still allows to read files from absolute locations passed via the config_file_name parameter. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29004 |
CVE-2023-1697 | An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and thereby a Denial of Service (DoS). Continued receipt of these specific frames will cause a sustained Denial of Service condition. This issue occurs when a specific malformed ethernet frame is received. This issue affects Juniper Networks Junos OS on QFX10000 Series, PTX1000 Series Series: All versions prior to 19.4R3-S10; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1697 |
CVE-2023-24500 | Electra Central AC unit – Adjacent attacker may cause the unit to load unauthorized FW. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24500 |
CVE-2023-24502 | Electra Central AC unit – The unit opens an AP with an easily calculated password. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24502 |
CVE-2023-24503 | Electra Central AC unit – Adjacent attacker may cause the unit to load unauthorized FW. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24503 |
CVE-2023-24504 | Electra Central AC unit – Adjacent attacker may cause the unit to connect to unauthorized update server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24504 |
CVE-2023-28959 | An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on QFX10002 allows an unauthenticated, adjacent attacker on the local broadcast domain sending a malformed packet to the device, causing all PFEs other than the inbound PFE to wedge and to eventually restart, resulting in a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue can only be triggered by sending a specific malformed packet to the device. Transit traffic does not trigger this issue. An indication of this issue occurring can be seen through the following log messages: fpc0 expr_hostbound_packet_handler: Receive pe 73? fpc0 Cmerror Op Set: PE Chip: PE0[0]: PGQ:misc_intr: 0x00000020: Enqueue of a packet with out-of-range VOQ in 192K-VOQ mode (URI: /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL) The logs list below can also be observed when this issue occurs fpc0 Error: /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL (0x210107), scope: pfe, category: functional, severity: major, module: PE Chip, type: Description for PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL fpc0 Performing action cmalarm for error /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL (0x210107) in module: PE Chip with scope: pfe category: functional level: major fpc0 Error: /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE (0x21011a), scope: pfe, category: functional, severity: fatal, module: PE Chip, type: Description for PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE fpc0 Performing action cmalarm for error /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE (0x21011a) in module: PE Chip with scope: pfe category: functional level: fatal fpc0 Performing action disable-pfe for error /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE (0x21011a) in module: PE Chip with scope: pfe category: functional level: fatal This issue affects Juniper Networks Junos OS on QFX10002: All versions prior to 19.1R3-S10; 19.4 versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28959 |
CVE-2023-28970 | An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing on the network interfaces of Juniper Networks Junos OS on JRR200 route reflector appliances allows an adjacent, network-based attacker sending a specific packet to the device to cause a kernel crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue can only be triggered by an attacker on the local broadcast domain. Packets routed to the device are unable to trigger this crash. This issue affects Juniper Networks Junos OS on JRR200: All versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S2, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2; 22.4 versions prior to 22.4R1-S1, 22.4R2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28970 |
CVE-2023-28974 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the bbe-smgd of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In a Broadband Edge / Subscriber Management scenario on MX Series when a specifically malformed ICMP packet addressed to the device is received from a subscriber the bbe-smgd will crash, affecting the subscriber sessions that are connecting, updating, or terminating. Continued receipt of such packets will lead to a sustained DoS condition. When this issue happens the below log can be seen if the traceoptions for the processes smg-service are enabled: BBE_TRACE(TRACE_LEVEL_INFO, "%s: Dropped unsupported ICMP PKT ... This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R2-S2, 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R1-S2, 22.3R2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28974 |
CVE-2023-28981 | An Improper Input Validation vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If the receipt of router advertisements is enabled on an interface and a specifically malformed RA packet is received, memory corruption will happen which leads to an rpd crash. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28981 |
CVE-2023-30536 | slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline (\\n) into both the header names and values. While the specification states that \\r\\n\\r\\n is used to terminate the header list, many servers in the wild will also accept \\n\\n. An attacker that is able to control the header names that are passed to Slilm-Psr7 would be able to intentionally craft invalid messages, possibly causing application errors or invalid HTTP requests being sent out with an PSR-18 HTTP client. The latter might present a denial of service vector if a remote service’s web application firewall bans the application due to the receipt of malformed requests. The issue has been patched in version 1.6.1. There are no known workarounds to this issue. Users are advised to upgrade. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30536 |
CVE-2023-21946 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21946 |
CVE-2022-43378 | \n\n\n\n\n\n\nA CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that\ncould cause the user to be tricked into performing unintended actions when external address\nframes are not properly restricted.\n\n\n\n\n\n Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0\n\n and prior) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43378 |
CVE-2023-25548 | \nA CWE-863: Incorrect Authorization vulnerability exists that could allow access to device\ncredentials on specific DCE endpoints not being properly secured when a hacker is using a low\nprivileged user. \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25548 |
CVE-2023-28856 | Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28856 |
CVE-2023-29520 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no workarounds other than fixing any way to create a document that fail to load. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29520 |
CVE-2023-30552 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `sql/instance.py` endpoint's `describe` method. In several cases, user input coming from the `tb_name` parameter value, the `db_name` parameter value or the `schema_name` value in the `sql/instance.py` `describe` endpoint is passed to the `describe_table` methods in given SQL engine implementations, which concatenate user input unsafely into a SQL query and afterwards pass it to the `query` method of each database engine for execution. Please take into account that in some cases all three parameter values are concatenated, in other only one or two of them. The affected methods are: `describe_table` in `sql/engines/clickhouse.py`which concatenates input which is passed to execution on the database in the `query` method in `sql/engines/clickhouse.py`, `describe_table` in `sql/engines/mssql.py` which concatenates input which is passed to execution on the database in the `query` methods in `sql/engines/mssql.py`, `describe_table` in `sql/engines/mysql.py`which concatenates input which is passed to execution on the database in the `query` method in `sql/engines/mysql.py`, `describe_table` in `sql/engines/oracle.py` which concatenates input which is passed to execution on the database in the `query` methods in `sql/engines/oracle.py`, `describe_table` in `sql/engines/pgsql.py`which concatenates input which is passed to execution on the database in the `query` methods in `sql/engines/pgsql.py`, `describe_table` in `sql/engines/phoenix.py` which concatenates input which is passed to execution on the database in the `query` method in `sql/engines/phoenix.py`. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-101`.\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30552 |
CVE-2023-30553 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the `sql_api/api_workflow.py` endpoint `ExecuteCheck`. User input coming from the `db_name` parameter value and the `full_sql` parameter value in the `api_workflow.py` `ExecuteCheck` endpoint is passed to the methods that follow in given SQL engine implementations, which concatenate user input unsafely into a SQL query and afterwards pass it to the `query` method of each database engine for execution. The affected methods are `execute_check` in `sql/engines/clickhouse.py` which concatenates input which is passed to execution on the database in the `sql/engines/clickhouse.py` `query` method, `execute_check` in `sql/engines/goinception.py`which concatenates input which is passed to execution on the database in the `sql/engines/goinception.py` `query` method, `execute_check` in `sql/engines/oracle.py`which passes unsafe user input into the `object_name_check` method in `sql/engines/oracle.py` which in turn is passed to execution on the database in the `sql/engines/oracle.py` `query` method. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-102`. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30553 |
CVE-2023-30554 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `sql_api/api_workflow.py` endpoint `ExecuteCheck` which passes unfiltered input to the `explain_check` method in `sql/engines/oracle.py`. User input coming from the `db_name` parameter value in the `api_workflow.py` `ExecuteCheck` endpoint is passed through the `oracle.py` `execute_check` method and to the `explain_check` method for execution. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-103`. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30554 |
CVE-2023-30555 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases.Affected versions are subject to SQL injection in the `explain` method in `sql_optimize.py`. User input coming from the `db_name` parameter value in the `explain` endpoint is passed to the following `query` methods of each database engine for execution. `query` in `sql/engines/mssql.py`, and `query` in `sql/engines/oracle.py`. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-108`. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30555 |
CVE-2023-30556 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `optimize_sqltuningadvisor` method of `sql_optimize.py`. User input coming from the `db_name` parameter value in `sql_optimize.py` is passed to the `sqltuningadvisor` method in `oracle.py`for execution. To mitigate escape the variables accepted via user input when used in `sql_optimize.py`. Users may also use prepared statements when dealing with SQL as a mitigation for this issue. This issue is also indexed as `GHSL-2022-107`. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30556 |
CVE-2023-30557 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `data_dictionary.py` `table_info`. User input coming from the `db_name` in and the `tb_name` parameter values in the `sql/data_dictionary.py` `table_info` endpoint is passed to the following methods in the given SQL engine implementations, which concatenate user input unsafely into a SQL query and afterwards pass it to the `query` method of each database engine for execution.The methods are `get_table_meta_data ` in `sql/engines/mssql.py` which passes unsafe user input to the `sql/engines/mssql.py` `query` method, `get_table_desc_data` in `sql/engines/mssql.py`which passes unsafe user input to the `sql/engines/mssql.py` `query`, `get_table_index_data` in `sql/engines/mssql.py`which passes unsafe user input to the `sql/engines/mssql.py` `query` method, `get_table_meta_data` in `sql/engines/oracle.py`which concatenates input which is passed to execution on the database in the `sql/engines/oracle.py` `query` method, `get_table_desc_data` in `sql/engines/oracle.py`which concatenates input which is passed to execution on the database in the `sql/engines/oracle.py` `query` method, and `get_table_index_data` in `sql/engines/oracle.py` which concatenates input which is passed to execution on the database in the `sql/engines/oracle.py` `query` method. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-106`. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30557 |
CVE-2023-30558 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the `db_name` in the `sql/data_dictionary.py` `table_list` endpoint is passed to the methods that follow in a given SQL engine implementations, which concatenate user input unsafely into a SQL query and afterwards pass it to the `query` method of each database engine for execution. The affected methods are `get_group_tables_by_db` in `sql/engines/mssql.py`which passes unsafe user input to `sql/engines/mssql.py`, and `get_group_tables_by_db` in `sql/engines/oracle.py`which concatenates input which is passed to execution on the database in the `sql/engines/oracle.py` `query` method. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-105`. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30558 |
CVE-2023-30605 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the `variable_name` and `variable_value` parameter value in the `sql/instance.py` `param_edit` endpoint is passed to a set of methods in given SQL engine implementations, which concatenate user input unsafely into a SQL query and afterwards pass it to the `query` method of each database engine for execution. The affected methods are: `set_variable` in `sql/engines/goinception.py` which concatenates input which is passed to execution on the database in the `sql/engines/goinception.py`, `get_variables` in `sql/engines/goinception.py` which concatenates input which is passed to execution on the database in the `sql/engines/goinception.py`, `set_variable` in `sql/engines/mysql.py` which concatenates input which is passed to execution on the database in the `sql/engines/mysql.py` `query`, and `get_variables` in `sql/engines/mysql.py`which concatenates input which is passed to execution on the database in the `sql/engines/mysql.py` `query`. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This advisory is also indexed as `GHSL-2022-104`. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30605 |
CVE-2023-25620 | \n\n\nA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that\ncould cause denial of service of the controller when a malicious project file is loaded onto the\ncontroller by an authenticated user. \n\n \n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25620 |
CVE-2023-29586 | Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29586 |
CVE-2023-27495 | @fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions. @fastify/csrf-protection supports an optional userInfo parameter that binds the CSRF token to the user. This parameter has been introduced to prevent cookie-tossing attacks as a fix for CVE-2021-29624. Whenever userInfo parameter is missing, or its value can be predicted for the target user account, network and same-site attackers can 1. fixate a _csrf cookie in the victim's browser, and 2. forge CSRF tokens that are valid for the victim's session. This allows attackers to bypass the CSRF protection mechanism. As a fix, @fastify/csrf-protection starting from version 6.3.0 (and v4.1.0) includes a server-defined secret hmacKey that cryptographically binds the CSRF token to the value of the _csrf cookie and the userInfo parameter, making tokens non-spoofable by attackers. This protection is effective as long as the userInfo parameter is unique for each user. This is patched in versions 6.3.0 and v4.1.0. Users are advised to upgrade. Users unable to upgrade may use a random, non-predictable userInfo parameter for each user as a mitigation. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27495 |
CVE-2023-30616 | Form block is a wordpress plugin designed to make form creation easier. Versions prior to 1.0.2 are subject to a Cross-Site Request Forgery due to a missing nonce check. There is potential for a Cross Site Request Forgery for all form blocks, since it allows to send requests to the forms from any website without a user noticing. Users are advised to upgrade to version 1.0.2. There are no known workarounds for this vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30616 |
CVE-2023-2202 | Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2202 |
CVE-2023-2239 | Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2239 |
CVE-2023-31056 | CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31056 |
CVE-2023-30776 | An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30776 |
CVE-2023-1129 | The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1129 |
CVE-2023-26841 | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26841 |
CVE-2021-44460 | Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system with the deactivated account and any permission it still holds, via crafted RPC requests. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44460 |
CVE-2023-30772 | The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-30772 |
CVE-2023-21725 | Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21725 |
CVE-2023-28141 | \nAn NTFS Junction condition exists in the Qualys Cloud Agent\nfor Windows platform in versions before 4.8.0.31. Attackers may write files to\narbitrary locations via a local attack vector. This allows attackers to assume\nthe privileges of the process, and they may delete or otherwise on unauthorized\nfiles, allowing for the potential modification or deletion of sensitive files\nlimited only to that specific directory/file object. This vulnerability is\nbounded to the time of installation/uninstallation and can only be exploited locally.\n\n\n\nAt the time of this disclosure, versions before 4.0 are\nclassified as End of Life.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28141 |
CVE-2023-1585 | Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1585 |
CVE-2017-10676 | On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-10676 |
CVE-2017-14413 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-14413 |
CVE-2017-14414 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-14414 |
CVE-2017-14415 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-14415 |
CVE-2017-14416 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-14416 |
CVE-2016-10699 | D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-10699 |
CVE-2018-6527 | XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-6527 |
CVE-2018-6528 | XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-6528 |
CVE-2018-6529 | XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-6529 |
CVE-2018-10107 | D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-10107 |
CVE-2018-10108 | D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-10108 |
CVE-2018-6212 | On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of the XMLHttpRequest object. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-6212 |
CVE-2018-17441 | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-17441 |
CVE-2018-17443 | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-17443 |
CVE-2018-18636 | XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-18636 |
CVE-2019-17663 | D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-17663 |
CVE-2013-7054 | D-Link DIR-100 4.03B07: cli.cgi XSS | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2013-7054 |
CVE-2019-20479 | A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-20479 |
CVE-2020-15895 | An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-15895 |
CVE-2021-32786 | mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. This bug has been fixed in version 2.4.9 by replacing any backslash of the URL to redirect with slashes to address a particular breaking change between the different specifications (RFC2396 / RFC3986 and WHATWG). As a workaround, this vulnerability can be mitigated by configuring `mod_auth_openidc` to only allow redirection whose destination matches a given regular expression. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32786 |
CVE-2021-32792 | mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32792 |
CVE-2022-23808 | An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23808 |
CVE-2023-24935 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-24935 |
CVE-2023-29204 | XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using URL such as `http:/mydomain.com`. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1.\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29204 |
CVE-2018-17883 | An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-17883 |
CVE-2023-29506 | XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29506 |
CVE-2023-1473 | The Slider, Gallery, and Carousel by MetaSlider WordPress plugin 3.29.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1473 |
CVE-2015-10102 | A vulnerability, which was classified as critical, has been found in Freshdesk Plugin 1.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The name of the patch is 2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b. It is recommended to upgrade the affected component. VDB-226118 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2015-10102 |
CVE-2022-46389 | There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-46389 |
CVE-2022-45838 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARForms Form Builder plugin <= 1.5.5 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-45838 |
CVE-2022-45836 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-45836 |
CVE-2023-2153 | A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/assets/plugins/DataTables/examples/examples_support/editable_ajax.php of the component POST Parameter Handler. The manipulation of the argument value with the input 1>--redacted-- leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-226274 is the identifier assigned to this vulnerability | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2153 |
CVE-2023-29854 | DirCMS 6.0.0 has a Cross Site Scripting (XSS) vulnerability in the foreground. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29854 |
CVE-2023-25551 | \n\n\n\n\n\n\n\n\n\n\nA CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site\nScripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters\nover HTTP.\n\n\n\n \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25551 |
CVE-2023-25553 | \n\n\n\n\n\n\n\n\n\n\n\n\nA CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site\nScripting') vulnerability exists on a DCE endpoint through the logging capabilities of the\nwebserver. \n\n\n\n\n\n \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25553 |
CVE-2023-29196 | Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker’s payload must pass the CSP to be executed. However, if an attacker succeeds in embedding Javascript that does pass the CSP, it could result in session hijacking for any users that view the attacker’s post. The vulnerability is patched in the latest tests-passed, beta and stable branches. Users are advised to upgrade. Users unable to upgrade should enable and/or restore your site's CSP to the default one provided with Discourse. Remove any embed-able hosts configured. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29196 |
CVE-2023-26599 | XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26599 |
CVE-2023-30614 | Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions prior to 6.3.2 a payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If the targeted application contains a functionality to submit user-generated content (such as comments) the attacker could even distribute the URL using that functionality. This has been patched in version 6.3.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30614 |
CVE-2022-4942 | A vulnerability was found in mportuga eslint-detailed-reporter up to 0.9.0 and classified as problematic. Affected by this issue is the function renderIssue in the library lib/template-generator.js. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The name of the patch is 505c190efd4905990db6207863bdcbd9b1d7e1bd. It is recommended to apply a patch to fix this issue. VDB-226310 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4942 |
CVE-2023-22309 | Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22309 |
CVE-2023-2216 | A vulnerability classified as problematic was found in Campcodes Coffee Shop POS System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument firstname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226981 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2216 |
CVE-2023-2219 | A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as problematic. This issue affects some unknown processing of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226985 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2219 |
CVE-2023-2139 | \nA reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2139 |
CVE-2022-47509 | The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-47509 |
CVE-2023-0199 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0199 |
CVE-2023-22718 | Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User Meta Manager plugin <= 3.4.9 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22718 |
CVE-2023-24404 | Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin <= 2.0.0 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-24404 |
CVE-2022-45084 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-45084 |
CVE-2023-0899 | The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0899 |
CVE-2023-1324 | The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1324 |
CVE-2023-1420 | The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1420 |
CVE-2023-1435 | The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1435 |
CVE-2022-45837 | Reflected Cross-Site Scripting (XSS) vulnerability in Denis ???????? plugin <= 6.0.1 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-45837 |
CVE-2023-25346 | A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25346 |
CVE-2021-26263 | Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-26263 |
CVE-2021-26947 | Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via a crafted link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-26947 |
CVE-2021-44461 | Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise 13.0 through 15.0, allows remote attackers who are able to control the contents of accounting journal entries to inject arbitrary web script in the browser of a victim. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-44461 |
CVE-2021-44775 | Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-44775 |
CVE-2021-45071 | Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-45071 |
CVE-2023-28261 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28261 |
CVE-2023-28286 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28286 |
CVE-2017-14419 | The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2017-14419 |
CVE-2017-14420 | The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2017-14420 |
CVE-2021-32791 | mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-32791 |
CVE-2022-21541 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-21541 |
CVE-2022-40897 | Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-40897 |
CVE-2022-37186 | In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-37186 |
CVE-2023-21954 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21954 |
CVE-2023-21967 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21967 |
CVE-2023-1255 | Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM\nplatform contains a bug that could cause it to read past the input buffer,\nleading to a crash.\n\nImpact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM\nplatform can crash in rare circumstances. The AES-XTS algorithm is usually\nused for disk encryption.\n\nThe AES-XTS cipher decryption implementation for 64 bit ARM platform will read\npast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16\nbyte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext\nbuffer is unmapped, this will trigger a crash which results in a denial of\nservice.\n\nIf an attacker can control the size and location of the ciphertext buffer\nbeing decrypted by an application using AES-XTS on 64 bit ARM, the\napplication is affected. This is fairly unlikely making this issue\na Low severity one. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-1255 |
CVE-2018-15516 | The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF. | 5.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-15516 |
CVE-2021-31810 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions). | 5.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31810 |
CVE-2023-30543 | @web3-react is a framework for building Ethereum Apps . In affected versions the `chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chainId` returned by `useWeb3React()` may be incorrect. In an application, this means that any data derived from `chainId` could be incorrect. For example, if a swapping application derives a wrapped token contract address from the `chainId` *and* a user has changed chains as part of their connection flow the application could cause the user to send funds to the incorrect address when wrapping. This issue has been addressed in PR #749 and is available in updated npm artifacts. There are no known workarounds for this issue. Users are advised to upgrade.\n\n\n | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-30543 |
CVE-2020-26567 | An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-26567 |
CVE-2023-21540 | Windows Cryptographic Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21540 |
CVE-2023-21550 | Windows Cryptographic Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21550 |
CVE-2023-21559 | Windows Cryptographic Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21559 |
CVE-2023-21753 | Event Tracing for Windows Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21753 |
CVE-2023-21776 | Windows Kernel Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21776 |
CVE-2023-0482 | In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0482 |
CVE-2022-48468 | protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48468 |
CVE-2015-10103 | A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setForgetTime with the input 0 leads to infinite loop. It is possible to launch the attack on the local host. Upgrading to version 1.4 is able to address this issue. The name of the patch is adf0c7fd59b9c935b4fd675c556265620124999c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226119. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2015-10103 |
CVE-2023-28980 | A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (>1M routes). This issue affects: Juniper Networks Junos OS 20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6; 20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5; 20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4 21.1 version 21.1R3 and later versions prior to 21.1R3-S3; 21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2; 21.3 version 21.3R2 and later versions prior to 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO; 21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO; 21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO; 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28980 |
CVE-2023-1548 | \nA CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to\nperform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert (V15.1 and above) | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1548 |
CVE-2023-22307 | Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.4 allows local attacker to retrieve passwords via reading log files. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22307 |
CVE-2023-21929 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21929 |
CVE-2022-38125 | Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38125 |
CVE-2023-30610 | aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The `aws_sigv4::SigningParams` struct had a derived `Debug` implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is enabled for an SDK, `SigningParams` is printed, thereby revealing those credentials to anyone with access to logs. All users of the AWS SDK for Rust who enabled TRACE-level logging, either globally (e.g. `RUST_LOG=trace`), or for the `aws-sigv4` crate specifically are affected. This issue has been addressed in a set of new releases. Users are advised to upgrade. Users unable to upgrade should disable TRACE-level logging for AWS Rust SDK crates.\n | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30610 |
CVE-2023-1587 | Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus version 22.11 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1587 |
CVE-2023-1900 | A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. This could corrupt the data on the heap and lead to a denial-of-service situation. \nIssue was fixed with Endpointprotection.exe version 1.0.2303.633 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1900 |
CVE-2023-21080 | In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-245916076 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21080 |
CVE-2023-21082 | In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to enumerate other user's contact phone number due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-257030107 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21082 |
CVE-2023-28123 | A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28123 |
CVE-2023-28124 | Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This vulnerability is fixed in Version 0.62.3 and later. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28124 |
CVE-2023-2162 | A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2162 |
CVE-2022-2084 | Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2084 |
CVE-2023-28327 | A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28327 |
CVE-2023-28328 | A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28328 |
CVE-2023-2166 | A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2166 |
CVE-2023-27652 | An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges cause a denial of service via the update_info field of the _default_.xml file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27652 |
CVE-2023-22295 | Datakit CrossCadWare_x64.dll contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information.\n\n | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22295 |
CVE-2023-22321 | \n\n\nDatakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information. \n\n \n\n | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22321 |
CVE-2023-22354 | \n\n\n\n\nDatakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information. \n\n \n\n \n\n | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22354 |
CVE-2023-22846 | \n\n\n\n\n\n\nDatakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information. \n\n \n\n \n\n \n\n | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22846 |
CVE-2023-2177 | A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2177 |
CVE-2023-29575 | Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42aac component. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29575 |
CVE-2023-0190 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0190 |
CVE-2023-31081 | An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtv_mux_stop_thread. In vidtv_stop_streaming, after dvb->mux=NULL occurs, it executes vidtv_mux_stop_thread(dvb->mux). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31081 |
CVE-2023-31082 | An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31082 |
CVE-2023-31084 | An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31084 |
CVE-2023-31085 | An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31085 |
CVE-2023-29570 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29570 |
CVE-2018-6936 | Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-6936 |
CVE-2019-19222 | A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-19222 |
CVE-2022-4471 | The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4471 |
CVE-2023-1270 | Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1270 |
CVE-2023-1463 | Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1463 |
CVE-2023-1761 | Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1761 |
CVE-2023-29205 | XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS attack. This can be particularly dangerous since in a standard wiki, any user is able to use the html macro directly in their own user profile page. The problem has been patched in XWiki 14.8RC1. The patch involves the HTML macros and are systematically cleaned up whenever the user does not have the script correct. \n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-29205 |
CVE-2023-29206 | XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a JavaScript xobject or StyleSheet xobject added in a XWiki document, so until now it was possible for a user having only Edit Right to create such object and to craft a script allowing to perform some operations when executing by a user with appropriate rights. This has been patched in XWiki 14.9-rc-1 by only executing the script if the author of it has Script rights. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-29206 |
CVE-2023-29508 | XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11.\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-29508 |
CVE-2022-45839 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA WHA Puzzle plugin <= 1.0.9 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-45839 |
CVE-2023-30538 | Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed versions of Discourse. Users are advised to upgrade. For users unable to upgrade there are two possible workarounds: enable CDN handing of uploads (and ensure the CDN sanitizes SVG files) or disable SVG file uploads by ensuring that the `authorized extensions` site setting does not include `svg` (or reset that setting to the default, by default Discourse doesn't enable SVG uploads by users). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-30538 |
CVE-2023-29515 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can be exploited by creating an app in App Within Minutes. If the button should be disabled because the user doesn't have global edit right, the app can also be created by directly opening `/xwiki/bin/view/AppWithinMinutes/CreateApplication?wizard=true` on the XWiki installation. This has been patched in XWiki 13.10.11, 14.4.8, 14.10.1 and 15.0 RC1 by not granting the space admin right if the user doesn't have script right on the space where the app is created. Error message are displayed to warn the user that the app will be broken in this case. Users who became space admin through this vulnerability won't loose the space admin right due to the fix, so it is advised to check if all users who created AWM apps should keep their space admin rights. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-29515 |
CVE-2023-25759 | OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25759 |
CVE-2023-27776 | A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-27776 |
CVE-2023-27777 | Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-27777 |
CVE-2023-1767 | The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display the contents of a scanned package's Readme on its package health page. An attacker could create a package in NPM with an associated markdown README file containing XSS-able HTML tags. Upon Snyk Advisor importing the package, the XSS would run each time an end user browsed to the package's page on Snyk Advisor. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1767 |
CVE-2023-27090 | Cross Site Scripting vulnerability found in TeaCMS storage allows attacker to cause a leak of sensitive information via the article title parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-27090 |
CVE-2023-2118 | Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2118 |
CVE-2023-1875 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1875 |
CVE-2022-44631 | Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in 1app Technologies, Inc 1app Business Forms plugin <= 1.0.0 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-44631 |
CVE-2022-44743 | Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.11.2 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-44743 |
CVE-2023-22698 | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jason Bobich Theme Blvd Responsive Google Maps plugin <= 1.0.2 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22698 |
CVE-2023-23717 | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in George Gecewicz Portfolio Slideshow plugin <= 1.13.0 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23717 |
CVE-2023-23817 | Auth. (contrinbutor+) Cross-Site Scripting (XSS) vulnerability in WebArea | Vera Nedvyzhenko Simple PDF Viewer plugin <= 1.9 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23817 |
CVE-2023-23827 | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Google Maps v3 Shortcode plugin <= 1.2.1 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23827 |
CVE-2023-23832 | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ultimate WP Query Search Filter plugin <= 1.0.10 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23832 |
CVE-2023-23892 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jamie Poitra M Chart plugin <= 1.9.4 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23892 |
CVE-2023-1126 | The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1126 |
CVE-2023-27619 | Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes Regina Lite theme <= 2.0.7 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-27619 |
CVE-2023-25347 | A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25347 |
CVE-2023-26843 | A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-26843 |
CVE-2023-23866 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Carlos Moreira Interactive Geo Maps plugin <= 1.5.8 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23866 |
CVE-2023-23889 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23889 |
CVE-2014-7860 | The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2014-7860 |
CVE-2017-17742 | Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2017-17742 |
CVE-2019-16254 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-16254 |
CVE-2021-33259 | Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-33259 |
CVE-2022-21426 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-21426 |
CVE-2022-21434 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-21434 |
CVE-2022-21496 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-21496 |
CVE-2022-21540 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-21540 |
CVE-2022-21549 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-21549 |
CVE-2022-21618 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-21618 |
CVE-2022-21626 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-21626 |
CVE-2022-21628 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-21628 |
CVE-2023-21525 | Remote Procedure Call Runtime Denial of Service Vulnerability | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21525 |
CVE-2023-21682 | Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21682 |
CVE-2023-21743 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21743 |
CVE-2023-21830 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21830 |
CVE-2023-21835 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21835 |
CVE-2023-1539 | Improper Restriction of Excessive Authentication Attempts in GitHub repository answerdev/answer prior to 1.0.6. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1539 |
CVE-2023-29203 | XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with `uorgsuggest.vm`. This issue only concerns hidden users from main wiki. Note that the disclosed information are the username and the first and last name of users, no other information is leaked. The problem has been patched on XWiki 13.10.8, 14.4.3 and 14.7RC1. \n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29203 |
CVE-2022-30076 | ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-30076 |
CVE-2023-28961 | An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from next-header ah' from being properly installed in the packet forwarding engine (PFE). There is no immediate indication of an incomplete firewall filter commit shown at the CLI, which could allow an attacker to send valid packets to or through the device that were explicitly intended to be dropped. An indication that the filter was not installed can be identified with the following logs: fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_rule_prepare : Config failed: Unsupported Ip-protocol 51 in the filter lo0.0-inet6-i fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_rule_prepare : Please detach the filter, remove unsupported match and re-attach fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_process_rule : Status:104 dnx_dfw_rule_prepare failed fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_process_filter : Status:104 dnx_dfw_process_rule failed fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_update_filter_in_hw : Status:104 Could not process filter(lo0.0-inet6-i) for rule expansion Unsupported match, action present. fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_create_hw_instance : Status:104 Could not program dfw(lo0.0-inet6-i) type(IFP_DFLT_INET6_Lo0_FILTER)! [104] fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_bind_shim : [104] Could not create dfw(lo0.0-inet6-i) type(IFP_DFLT_INET6_Lo0_FILTER) fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_update_resolve : [100] Failed to bind filter(3) to bind point fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_change_end : dnx_dfw_update_resolve (resolve type) failed This issue affects Juniper Networks Junos OS on ACX Series: All versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28961 |
CVE-2023-28963 | An Improper Authentication vulnerability in cert-mgmt.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to read arbitrary files from temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S11; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28963 |
CVE-2023-28968 | An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service on SRX Series devices will stop the JDPI-Decoder from identifying dynamic application traffic, allowing an unauthenticated network-based attacker to send traffic to the target device using the JDPI-Decoder, designed to inspect dynamic application traffic and take action upon this traffic, to instead begin to not take action and to pass the traffic through. An example session can be seen by running the following command and evaluating the output. user@device# run show security flow session source-prefix <address/mask> extensive Session ID: <session ID>, Status: Normal, State: Active Policy name: <name of policy> Dynamic application: junos:UNKNOWN, <<<<< LOOK HERE Please note, the JDPI-Decoder and the AppID SigPack are both affected and both must be upgraded along with the operating system to address the matter. By default, none of this is auto-enabled for automatic updates. This issue affects: Juniper Networks any version of the JDPI-Decoder Engine prior to version 5.7.0-47 with the JDPI-Decoder enabled using any version of the AppID SigPack prior to version 1.550.2-31 (SigPack 3533) on Junos OS on SRX Series: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S11; 20.1 version 20.1R1 and later versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2; | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28968 |
CVE-2023-28978 | An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to read certain confidential information. In the default configuration it is possible to read confidential information about locally configured (administrative) users of the affected system. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S7-EVO on pending commit???; 21.1-EVO versions prior to 21.1R3-S4-EVO on awaiting build; 21.4-EVO versions prior to 21.4R3-S1-EVO; 22.2-EVO versions prior to 22.2R3-EVO; 21.2-EVO versions prior to 21.2R3-S5-EVO on pending commit???; 21.3-EVO version 21.3R1-EVO and later versions; 22.1-EVO version 22.1R1-EVO and later versions; 22.2-EVO versions prior to 22.2R2-S1-EVO. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28978 |
CVE-2023-28984 | A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). The PFE may crash when a lot of MAC learning and aging happens, but due to a Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) that is outside the attackers direct control. This issue affects: Juniper Networks Junos OS versions prior to 19.4R3-S10 on QFX Series; 20.2 versions prior to 20.2R3-S7 on QFX Series; 20.3 versions prior to 20.3R3-S6 on QFX Series; 20.4 versions prior to 20.4R3-S5 on QFX Series; 21.1 versions prior to 21.1R3-S4 on QFX Series; 21.2 versions prior to 21.2R3-S3 on QFX Series; 21.3 versions prior to 21.3R3-S3 on QFX Series; 21.4 versions prior to 21.4R3 on QFX Series; 22.1 versions prior to 22.1R3 on QFX Series; 22.2 versions prior to 22.2R2 on QFX Series. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28984 |
CVE-2023-30541 | OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding, the proxy could revert while attempting to decode the arguments from calldata. The probability of an accidental clash is negligible, but one could be caused deliberately and could cause a reduction in availability. The issue has been fixed in version 4.8.3. As a workaround if a function appears to be inaccessible for this reason, it may be possible to craft the calldata such that ABI decoding does not fail at the proxy and the function is properly proxied through. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30541 |
CVE-2023-21939 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21939 |
CVE-2023-21971 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21971 |
CVE-2023-26048 | Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26048 |
CVE-2023-26049 | Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26049 |
CVE-2023-27043 | The e-mail module of Python 0 - 2.7.18, 3.x - 3.11 incorrectly parses e-mail addresses which contain a special character. This vulnerability allows attackers to send messages from e-ail addresses that would otherwise be rejected. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-27043 |
CVE-2022-2507 | In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-2507 |
CVE-2023-29921 | PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29921 |
CVE-2023-29923 | PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29923 |
CVE-2021-43819 | Stargate-Bukkit is a mod for the minecraft video game which adds a portal focused environment. In affected versions Minecarts with chests will drop their items when teleporting through a portal; when they reappear, they will still have their items impacting the integrity of the game world. The teleport code has since been rewritten and is available in release `0.11.5.1`. Users are advised to upgrade. There are no known workarounds for this issue. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-43819 |
CVE-2023-30611 | Discourse-reactions is a plugin that allows user to add their reactions to the post in the Discourse messaging platform. In affected versions data about what reactions were performed on a post in a private topic could be leaked. This issue has been addressed in version 0.3. Users are advised to upgrade. Users unable to upgrade should disable the discourse-reactions plugin to fully mitigate the issue. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30611 |
CVE-2023-29922 | PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29922 |
CVE-2021-36436 | An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-36436 |
CVE-2023-30458 | A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of the supplied password. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30458 |
CVE-2023-26840 | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to set a person to a user and set that user to be an Administrator. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26840 |
CVE-2023-21911 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21911 |
CVE-2023-21913 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21913 |
CVE-2023-21917 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21917 |
CVE-2023-21919 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21919 |
CVE-2023-21920 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21920 |
CVE-2023-21933 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21933 |
CVE-2023-21935 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21935 |
CVE-2023-21945 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21945 |
CVE-2023-21953 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21953 |
CVE-2023-21955 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21955 |
CVE-2023-21962 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21962 |
CVE-2023-21966 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21966 |
CVE-2023-21972 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21972 |
CVE-2023-21976 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21976 |
CVE-2023-21977 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21977 |
CVE-2023-21982 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21982 |
CVE-2023-30606 | Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the `SiteSetting` class, notably `#clear_cache!` and `#notify_changed!`, which when done on a multisite instance, can affect the entire cluster resulting in a denial of service. Users not running in multisite environments are not affected. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-30606 |
CVE-2023-0317 | Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-0317 |
CVE-2023-22894 | Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then this can be exploited to discover the password hash and password reset token of all users. If the attacker has admin panel access to an account with permission to access the username and email of API users with a lower privileged role (e.g., Editor or Author), then this can be exploited to discover sensitive information for all API users but not other admin accounts. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22894 |
CVE-2023-30612 | Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily crashed, causing Deny-of-Service (DoS). This can also be a potential Use-After-Free (UAF) vulnerability. Users require to have the write access to the API socket file to trigger this vulnerability. Impacted versions of Cloud Hypervisor include upstream main branch, v31.0, and v30.0. The vulnerability was initially detected by our `http_api_fuzzer` via oss-fuzz. This issue has been addressed in versions 30.1 and 31.1. Users unable to upgrade may mitigate this issue by ensuring the write access to the API socket file is granted to trusted users only. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-30612 |
CVE-2023-29907 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29907 |
CVE-2023-29908 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetMobileAPInfoById interface at /goform/aspForm. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29908 |
CVE-2023-29909 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddWlanMacList interface at /goform/aspForm. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29909 |
CVE-2023-29910 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29910 |
CVE-2023-29911 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddMacList interface at /goform/aspForm. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29911 |
CVE-2023-29912 | H3C Magic R200 R200V100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29912 |
CVE-2023-29913 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29913 |
CVE-2023-29914 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29914 |
CVE-2023-29915 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29915 |
CVE-2023-29916 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29916 |
CVE-2023-29917 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via go parameter at /goform/aspForm. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29917 |
CVE-2023-22901 | ChangingTec MOTP system has a path traversal vulnerability. A remote attacker with administrator’s privilege can exploit this vulnerability to access arbitrary system files. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22901 |
CVE-2018-10110 | D-Link DIR-615 T1 devices allow XSS via the Add User feature. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10110 |
CVE-2022-1113 | The Flower Delivery by Florist One WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setups) | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1113 |
CVE-2022-44735 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gus Sevilla WP Clictracker plugin <= 1.0.5 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44735 |
CVE-2022-44632 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denis Buka Content Repeater – Custom Posts Simplified plugin <= 1.1.13 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44632 |
CVE-2023-2155 | A vulnerability was found in SourceCodester Air Cargo Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file classes/Master.php?f=save_cargo_type. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226276. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2155 |
CVE-2023-2168 | The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Suggest Terms Title field in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2168 |
CVE-2023-2169 | The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2169 |
CVE-2023-2170 | The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2170 |
CVE-2023-2191 | Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azuracast prior to 0.18. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2191 |
CVE-2023-23938 | Tuleap is a Free & Source tool for end to end traceability of application and system developments. Affected versions are subject to a cross site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker administration. Administrative privilege is required, but an attacker with tracker administration rights could use this vulnerability to force a victim to execute uncontrolled code in the context of their browser. This issue has been addressed in Tuleap Community Edition version 14.5.99.4. Users are advised to upgrade. There are no known workarounds for this issue. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23938 |
CVE-2022-44582 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apptivo Apptivo Business Site CRM plugin <= 3.0.12 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44582 |
CVE-2022-44594 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Codebangers All in One Time Clock Lite plugin <= 1.3.320 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44594 |
CVE-2022-45361 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Boris Kuzmanov 0mk Shortener plugin <= 0.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45361 |
CVE-2022-47435 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Olive Design WP-OliveCart plugin <= 1.1.3 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47435 |
CVE-2023-24386 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24386 |
CVE-2023-23806 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davinder Singh Custom Settings plugin <= 1.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23806 |
CVE-2023-23816 | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Twardes Sitemap Index plugin <= 1.2.3 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23816 |
CVE-2023-25451 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill CPO Content Types plugin <= 1.1.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25451 |
CVE-2023-27425 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in James Irving-Swift Electric Studio Client Login plugin <= 0.8.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27425 |
CVE-2023-27614 | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox Motor Racing League plugin <= 1.9.9 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27614 |
CVE-2022-47158 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakpobox alfred24 Click & Collect plugin <= 1.1.7 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47158 |
CVE-2022-47598 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Plugins Pro WP Super Popup plugin <= 1.1.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47598 |
CVE-2023-29848 | Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29848 |
CVE-2022-41612 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shareaholic Similar Posts plugin <= 3.1.6 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41612 |
CVE-2023-25479 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25479 |
CVE-2023-25490 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25490 |
CVE-2023-25710 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGITALBLUE Click to Call or Chat Buttons plugin <= 1.4.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25710 |
CVE-2022-47608 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47608 |
CVE-2023-25484 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliver Schlöbe Simple Yearly Archive plugin <= 2.1.8 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25484 |
CVE-2023-25485 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bernhard Kux JSON Content Importer plugin <= 1.3.15 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25485 |
CVE-2023-25793 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in George Pattihis Link Juice Keeper plugin <= 2.0.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25793 |
CVE-2023-23710 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23710 |
CVE-2023-23995 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin <= 1.1.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23995 |
CVE-2023-24005 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin <= 2.5.3 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24005 |
CVE-2023-25461 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in namithjawahar Wp-Insert plugin <= 2.5.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25461 |
CVE-2023-21536 | Event Tracing for Windows Information Disclosure Vulnerability | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21536 |
CVE-2023-21766 | Windows Overlay Filter Information Disclosure Vulnerability | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21766 |
CVE-2023-1754 | Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-1754 |
CVE-2023-28979 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to bypass an integrity check. In a 6PE scenario and if an additional integrity check is configured, it will fail to drop specific malformed IPv6 packets, and then these packets will be forwarded to other connected networks. This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R2. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-28979 |
CVE-2023-1586 | Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11 | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-1586 |
CVE-2023-1382 | A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-1382 |
CVE-2023-31083 | An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-31083 |
CVE-2023-28975 | An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical access to the device to cause a Denial of Service (DoS). When certain USB devices are connected to a USB port of the routing-engine (RE), the kernel will crash leading to a reboot of the device. The device will continue to crash as long as the USB device is connected. This issue affects Juniper Networks Junos OS: All versions prior to 19.4R3-S10; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R2-S2, 22.1R3; 22.2 versions prior to 22.2R2, 22.2R3; 22.3 versions prior to 22.3R1-S1, 22.3R2; 22.4 versions prior to 22.4R2. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-28975 |
CVE-2023-21940 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-21940 |
CVE-2023-21947 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-21947 |
CVE-2023-0207 | NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0207 |
CVE-2021-21816 | An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21816 |
CVE-2022-0812 | An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0812 |
CVE-2022-46705 | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-46705 |
CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-24911 |
CVE-2023-27525 | An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1\n\n | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-27525 |
CVE-2023-30548 | gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server (`gatsby develop`). It should be noted that by default gatsby develop is only accessible via the localhost 127.0.0.1, and one would need to intentionally expose the server to other interfaces to exploit this vulnerability by using server options such as --host 0.0.0.0, -H 0.0.0.0, or the GATSBY_HOST=0.0.0.0 environment variable. Attackers exploiting this vulnerability will have read access to all files within the scope of the server process. A patch has been introduced in gatsby-plugin-sharp@5.8.1 and gatsby-plugin-sharp@4.25.1 which mitigates the issue by ensuring that included paths remain within the project directory. As stated above, by default gatsby develop is only exposed to the localhost 127.0.0.1. For those using the develop server in the default configuration no risk is posed. If other ranges are required, preventing the develop server from being exposed to untrusted interfaces or IP address ranges would mitigate the risk from this vulnerability. Users are non the less encouraged to upgrade to a safe version. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30548 |
CVE-2023-30540 | Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it is recommended that users upgrad to 15.0.5. There are no known workarounds for this issue. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30540 |
CVE-2021-41613 | An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The write logic of Exception Effective Address Register (EEAR) is not implemented correctly. User programs from authorized privilege levels will be unable to write to EEAR. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-41613 |
CVE-2023-2020 | Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2020 |
CVE-2023-29513 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. If guest has view right on any document. It's possible to create a new user using the `distribution/firstadminuser.wiki` in the wrong context. This vulnerability has been patched in XWiki 15.0-rc-1 and 14.10.1. There is no known workaround other than upgrading. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29513 |
CVE-2023-25601 | On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. If you are using the python gateway, please upgrade to version 3.1.2 or above.\n | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-25601 |
CVE-2023-26839 | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26839 |
CVE-2023-29334 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29334 |
CVE-2022-21443 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-21443 |
CVE-2022-21619 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-21619 |
CVE-2022-21624 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-21624 |
CVE-2022-39399 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-39399 |
CVE-2023-21843 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21843 |
CVE-2022-41862 | In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-41862 |
CVE-2023-21937 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21937 |
CVE-2023-21938 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21938 |
CVE-2023-21968 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21968 |
CVE-2023-21759 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21759 |
CVE-2023-25510 | NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-25510 |
CVE-2023-25511 | NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in cuobjdump, where a division-by-zero error may enable a user to cause a crash, which may lead to a limited denial of service. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-25511 |
CVE-2023-21963 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21963 |
CVE-2023-28440 | Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted. This issue has been addressed in versions 3.0.3 and 3.1.0.beta4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-28440 |
CVE-2004-0615 | Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request. | – | https://nvd.nist.gov/vuln/detail/CVE-2004-0615 |
CVE-2005-4723 | D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. | – | https://nvd.nist.gov/vuln/detail/CVE-2005-4723 |
CVE-2006-3687 | Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900. | – | https://nvd.nist.gov/vuln/detail/CVE-2006-3687 |
CVE-2008-1266 | Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-1266 |
CVE-2011-4723 | The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2011-4723 |
CVE-2012-5306 | Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string argument. | – | https://nvd.nist.gov/vuln/detail/CVE-2012-5306 |
CVE-2012-5966 | The restricted telnet shell on the D-Link DSL2730U router allows remote authenticated users to bypass intended command restrictions via shell metacharacters that follow a whitelisted command. | – | https://nvd.nist.gov/vuln/detail/CVE-2012-5966 |
CVE-2012-4046 | The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value. | – | https://nvd.nist.gov/vuln/detail/CVE-2012-4046 |
CVE-2013-6026 | The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-6026 |
CVE-2013-6027 | Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-6027 |
CVE-2013-5946 | The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-5946 |
CVE-2013-7004 | D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-7004 |
CVE-2013-7005 | D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-7005 |
CVE-2013-6786 | Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-6786 |
CVE-2013-4772 | D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allows remote attackers to bypass authentication via a direct request when an authorized session is active. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-4772 |
CVE-2014-3760 | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable the DMZ in the Firewall/DMZ section via a request to index.cgi or (3) add, (4) modify, or (5) delete URL-filter settings in the Control/URL-filter section via a request to index.cgi, as demonstrated by adding a rule that blocks access to google.com. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-3760 |
CVE-2014-3761 | Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi in the Control/URL-filter section. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-3761 |
CVE-2014-3872 | Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-3872 |
CVE-2014-3936 | Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-3936 |
CVE-2011-4821 | Directory traversal vulnerability in the TFTP server in D-Link DIR-601 Wireless N150 Home Router with firmware 1.02NA allows remote attackers to read arbitrary files via unspecified vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2011-4821 |
CVE-2014-4645 | Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-4645 |
CVE-2013-7389 | Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-7389 |
CVE-2014-4927 | Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-4927 |
CVE-2014-10025 | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-10025 |
CVE-2014-10026 | index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-10026 |
CVE-2014-10027 | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-10027 |
CVE-2014-10028 | Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-10028 |
CVE-2015-1028 | Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer). | – | https://nvd.nist.gov/vuln/detail/CVE-2015-1028 |
CVE-2015-2048 | Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-2048 |
CVE-2015-2049 | Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-2049 |
CVE-2015-2050 | D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers to execute arbitrary commands via unspecified vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-2050 |
CVE-2015-2051 | The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-2051 |
CVE-2015-2052 | Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-2052 |
CVE-2014-8361 | The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-8361 |
CVE-2015-5999 | Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-5999 |
CVE-2023-29197 | guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\\n) into both the header names and values. While the specification states that \\r\\n\\r\\n is used to terminate the header list, many servers in the wild will also accept \\n\\n. This is a follow-up to CVE-2022-24775 where the fix was incomplete. The issue has been patched in versions 1.9.1 and 2.4.5. There are no known workarounds for this vulnerability. Users are advised to upgrade. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29197 |
CVE-2023-29479 | Ribose RNP before 0.16.3 may hang when the input is malformed. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29479 |
CVE-2023-2251 | Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-4. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2251 |
CVE-2023-29530 | Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value, can cause an invalid message. This can lead to denial of service vectors or application errors. The problem has been patched in following versions 2.18.1, 2.19.1, 2.20.1, 2.21.1, 2.22.1, 2.23.1, 2.24.1, and 2.25.1. As a workaround, validate HTTP header keys and/or values, and if using user-supplied values, filter them to strip off leading or trailing newline characters before calling `withHeader()`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29530 |
CVE-2023-28484 | In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28484 |
CVE-2023-29469 | An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29469 |
CVE-2022-42335 | x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handling it is possible for a guest with a PCI device passed through to cause the hypervisor to access an arbitrary pointer partially under guest control. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-42335 |
CVE-2023-29552 | The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29552 |
CVE-2023-25652 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25652 |
CVE-2023-25815 | In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\\mingw64\\share\\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\\` (and since `C:\\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1.\n\nThis vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\\`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25815 |
CVE-2023-29007 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29007 |
CVE-2023-20869 | VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20869 |
CVE-2023-20870 | VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20870 |
CVE-2023-0045 | The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.\n\nWe recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0045 |
CVE-2023-31223 | Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31223 |
CVE-2012-5872 | ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause. | – | https://nvd.nist.gov/vuln/detail/CVE-2012-5872 |
CVE-2012-5873 | ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action. | – | https://nvd.nist.gov/vuln/detail/CVE-2012-5873 |
CVE-2023-26560 | Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26560 |
CVE-2023-27843 | SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote attacker to gain privileges via the QuotesProduct::deleteProduct component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27843 |
CVE-2023-30106 | Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30106 |
CVE-2023-30111 | Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30111 |
CVE-2023-30404 | Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30404 |
CVE-2022-36769 | \nIBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-36769 |
CVE-2022-41739 | \nIBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41739 |
CVE-2023-2294 | A vulnerability was found in UCMS 1.6.0. It has been classified as problematic. This affects an unknown part of the file saddpost.php of the component Column Configuration. The manipulation of the argument strorder leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227481 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2294 |
CVE-2023-2273 | Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2273 |
CVE-2023-26286 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26286 |
CVE-2023-24796 | Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24796 |
CVE-2023-29257 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29257 |
CVE-2022-25273 | Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25273 |
CVE-2022-25274 | Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25274 |
CVE-2022-25275 | In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25275 |
CVE-2022-39989 | An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials, but does not force nor prompt the administrators to change the credentials. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-39989 |
CVE-2023-1387 | Grafana is an open-source platform for monitoring and observability. \n\nStarting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. \n\nBy enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1387 |
CVE-2023-22728 | Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22728 |
CVE-2023-30112 | Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30112 |
CVE-2023-30265 | CLTPHP <=6.0 is vulnerable to Directory Traversal. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30265 |
CVE-2023-30266 | CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30266 |
CVE-2023-30267 | CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30267 |
CVE-2023-30269 | CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30269 |
CVE-2022-25276 | The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25276 |
CVE-2022-25277 | Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25277 |
CVE-2022-25278 | Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25278 |
CVE-2023-22729 | Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22729 |
CVE-2022-27978 | Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27978 |
CVE-2022-27979 | A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27979 |
CVE-2023-30210 | OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30210 |
CVE-2023-30211 | OURPHP <= 7.2.0 is vulnerable to SQL Injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30211 |
CVE-2023-2307 | Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2307 |
CVE-2023-30212 | OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30212 |
CVE-2023-29268 | The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29268 |
CVE-2022-44232 | libming 0.4.8 0.4.8 is vulnerable to Buffer Overflow. In getInt() in decompile.c unknown type may lead to denial of service. This is a different vulnerability than CVE-2018-9132 and CVE-2018-20427. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-44232 |
CVE-2023-0458 | A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0458 |
CVE-2023-26930 | Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26930 |
CVE-2023-26931 | Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the TextOutputDev.cc function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26931 |
CVE-2023-26934 | An issue found in XPDF v.4.04 allows an attacker to cause a denial of service via a crafted pdf file in the object.cc parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26934 |
CVE-2023-26935 | Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via SharedFile::readBlock at /xpdf/Stream.cc. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26935 |
CVE-2023-26936 | Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via gmalloc in gmem.cc | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26936 |
CVE-2023-26937 | Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via GString::resize located in goo/GString.cc | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26937 |
CVE-2023-26938 | Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service viaSharedFile::readBlock located in goo/gfile.cc. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26938 |
CVE-2023-30546 | Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System (CFS) backend for the storage of data (file os/storage/antelope/storage-cfs.c). In the functions `storage_get_index` and `storage_put_index`, a buffer for merging two strings is allocated with one byte less than the maximum size of the merged strings, causing subsequent function calls to the cfs_open function to read from memory beyond the buffer size. The vulnerability has been patched in the "develop" branch of Contiki-NG, and is expected to be included in the next release. As a workaround, the problem can be fixed by applying the patch in Contiki-NG pull request #2425. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30546 |
CVE-2023-30841 | Baremetal Operator (BMO) is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included `deploy.sh` store their `.htpasswd` files as ConfigMaps instead of Secrets. This causes the plain-text username and hashed password to be readable by anyone having a cluster-wide read-access to the management cluster, or access to the management cluster's Etcd storage. This issue is patched in baremetal-operator PR#1241, and is included in BMO release 0.3.0 onwards. As a workaround, users may modify the kustomizations and redeploy the BMO, or recreate the required ConfigMaps as Secrets per instructions in baremetal-operator PR#1241. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30841 |
CVE-2023-31250 | The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31250 |
CVE-2020-36070 | Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36070 |
CVE-2022-45456 | Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45456 |
CVE-2023-26567 | Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26567 |
CVE-2023-27559 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27559 |
CVE-2023-28008 | HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28008 |
CVE-2023-28009 | HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28009 |
CVE-2023-29596 | Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an attacker to execute arbitrary code and cause a denial of service via the paq8 function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29596 |
CVE-2023-29835 | Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29835 |
CVE-2023-29836 | Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29836 |
CVE-2023-30280 | Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial ofservice via the getInputData parameter of the fwSchedule.cgi page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30280 |
CVE-2023-29442 | Zoho ManageEngine Applications Manager through 16390 allows DOM XSS. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29442 |
CVE-2023-29443 | Zoho ManageEngine ServiceDesk Plus through 14104 allows admin users to conduct an XXE attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29443 |
CVE-2023-2291 | Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2291 |
CVE-2023-30363 | vConsole v3.15.0 was discovered to contain a prototype pollution due to incorrect key and value resolution in setOptions in core.ts. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30363 |
CVE-2023-30843 | Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a workaround, write a `beforeOperation` hook to remove `where` queries that attempt to access hidden field data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30843 |
CVE-2023-30846 | typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with `BasicCredentialHandler`, `BearerCredentialHandler` or `PersonalAccessTokenCredentialHandler`. Second, the target host may return a redirection (3xx), with a link to a second host. Third, the next request will use the credentials to authenticate with the second host, by setting the `Authorization` header. The expected behavior is that the next request will *NOT* set the `Authorization` header. The problem was fixed in version 1.8.0. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30846 |
CVE-2022-45876 | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45876 |
CVE-2023-27107 | Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27107 |
CVE-2023-1786 | Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1786 |
CVE-2023-2297 | The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (wppb_front_end_password_recovery). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-0814, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2297 |
CVE-2023-25292 | Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25292 |
CVE-2023-26243 | An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to create custom firmware that may be installed in the IVI system. Then, an attacker may be able to install a backdoor in the IVI system that may allow him to control it, if it is connected to the Internet through Wi-Fi. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26243 |
CVE-2023-26244 | An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26244 |
CVE-2023-26245 | An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version (e.g., newer, older, or customized). This indirectly allows an attacker to install custom firmware in the IVI system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26245 |
CVE-2023-26246 | An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26246 |
CVE-2022-47758 | Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allowing attackers to execute arbitrary code via a DHCP hijacking attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47758 |
CVE-2023-31285 | An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload .html or .htm files containing an XSS payload. The resulting link can be sent to an administrator user. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31285 |
CVE-2023-31286 | An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31286 |
CVE-2023-31287 | An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31287 |
CVE-2023-31290 | Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input seed, resulting in only four billion possible mnemonics. The affected versions of the browser extension are 0.0.172 through 0.0.182. To steal funds efficiently, an attacker can identify all Ethereum addresses created since the 0.0.172 release, and check whether they are Ethereum addresses that could have been created by this extension. To respond to the risk, affected users need to upgrade the product version and also move funds to a new wallet address. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31290 |
CVE-2023-28769 | The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28769 |
CVE-2023-28770 | The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28770 |
CVE-2023-2322 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2322 |
CVE-2023-2323 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2323 |
CVE-2023-1778 | This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems.\n\nThe vulnerability has been addressed by forcing the user to change their default password to a new non-default password.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1778 |
CVE-2023-2327 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2327 |
CVE-2023-2328 | Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2328 |
CVE-2023-2331 | Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service (NixService.Exe) on Windows application will allows to insert arbitrary code into the service.\nThis issue affects Surelock Windows : from 2.3.12 through 2.40.0.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2331 |
CVE-2023-2336 | Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2336 |
CVE-2023-2338 | SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2338 |
CVE-2023-2339 | Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2339 |
CVE-2023-29255 | IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29255 |
CVE-2023-2340 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2340 |
CVE-2023-30444 | IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30444 |
CVE-2023-24966 | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24966 |
CVE-2023-2341 | Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2341 |
CVE-2023-2342 | Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2342 |
CVE-2023-2343 | Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2343 |
CVE-2023-2344 | A vulnerability has been found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=save_service of the component HTTP POST Request Handler. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227587. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2344 |
CVE-2023-30349 | JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30349 |
CVE-2023-2345 | A vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_inquiry. The manipulation leads to improper authorization. The attack may be launched remotely. The identifier of this vulnerability is VDB-227588. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2345 |
CVE-2023-2346 | A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227589 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2346 |
CVE-2023-2347 | A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/services/manage_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227590 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2347 |
CVE-2023-2348 | A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227591. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2348 |
CVE-2023-30338 | Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article Summary parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30338 |
CVE-2023-30847 | H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP servers. Pull request number 3229 fixes the issue. The pull request has been merged to the `master` branch in commit f010336. Users should upgrade to commit f010336 or later. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30847 |
CVE-2023-2349 | A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227592. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2349 |
CVE-2023-2350 | A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227593 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2350 |
CVE-2023-30848 | Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30848 |
CVE-2023-30849 | Pimcore is an open source data and experience management platform. Prior to version 10.5.21, A SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30849 |
CVE-2023-30624 | Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issues when compiled with LLVM 16 which causes some writes, which are critical for correctness, to be optimized away. Vulnerable versions of Wasmtime compiled with Rust 1.70, which is currently in beta, or later are known to have incorrectly compiled functions. Versions of Wasmtime compiled with the current Rust stable release, 1.69, and prior are not known at this time to have any issues, but can theoretically exhibit potential issues.\n\nThe underlying problem is that Wasmtime's runtime state for an instance involves a Rust-defined structure called `Instance` which has a trailing `VMContext` structure after it. This `VMContext` structure has a runtime-defined layout that is unique per-module. This representation cannot be expressed with safe code in Rust so `unsafe` code is required to maintain this state. The code doing this, however, has methods which take `&self` as an argument but modify data in the `VMContext` part of the allocation. This means that pointers derived from `&self` are mutated. This is typically not allowed, except in the presence of `UnsafeCell`, in Rust. When compiled to LLVM these functions have `noalias readonly` parameters which means it's UB to write through the pointers.\n\nWasmtime's internal representation and management of `VMContext` has been updated to use `&mut self` methods where appropriate. Additionally verification tools for `unsafe` code in Rust, such as `cargo miri`, are planned to be executed on the `main` branch soon to fix any Rust-level issues that may be exploited in future compiler versions.\n\nPrecomplied binaries available for Wasmtime from GitHub releases have been compiled with at most LLVM 15 so are not known to be vulnerable. As mentioned above, however, it's still recommended to update.\n\nWasmtime version 6.0.2, 7.0.1, and 8.0.1 have been issued which contain the patch necessary to work correctly on LLVM 16 and have no known UB on LLVM 15 and earlier. If Wasmtime is compiled with Rust 1.69 and prior, which use LLVM 15, then there are no known issues. There is a theoretical possibility for undefined behavior to exploited, however, so it's recommended that users upgrade to a patched version of Wasmtime. Users using beta Rust (1.70 at this time) or nightly Rust (1.71 at this time) must update to a patched version to work correctly. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30624 |
CVE-2023-30850 | Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30850 |
CVE-2023-30852 | Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scripts` parameters. The `scriptPath` parameter is not sanitized properly and is vulnerable to path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying sufficient number of `../` patterns to go out from the application webroot followed by path of the folder where the file is located in the "scriptPath" parameter and the file name in the "scripts" parameter. The JavaScript file is successfully read only if the web application has read access to it. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manual. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30852 |
CVE-2023-2158 | Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A malicious actor who creates this token can supply it to a separate Code Dx system, provided they know the username they want to impersonate, and impersonate the user. Score 6.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2158 |
CVE-2023-2335 | \nPlaintext Password in Registry\n\n vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve \n\nAdmin user credentials\n\nThis issue affects surelock windows: from 2.3.12 through 2.40.0.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2335 |
CVE-2023-27860 | IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27860 |
CVE-2023-2355 | Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2355 |
CVE-2022-31647 | Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31647 |
CVE-2022-34292 | Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34292 |
CVE-2022-37326 | Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-37326 |
CVE-2022-38730 | Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\\dataRoot\\network\\files\\local-kv.db because of a TOCTOU race condition. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-38730 |
CVE-2023-29950 | swfrender v0.9.2 was discovered to contain a heap buffer overflow in the function enumerateUsedIDs_fillstyle at modules/swftools.c | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29950 |
CVE-2022-25091 | Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25091 |
CVE-2023-25437 | An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25437 |
CVE-2023-29471 | Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29471 |
CVE-2023-29489 | An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29489 |
CVE-2023-1967 | Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1967 |
CVE-2023-30380 | An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30380 |
CVE-2023-28384 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28384 |
CVE-2023-28400 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28400 |
CVE-2023-28716 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28716 |
CVE-2023-29150 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29150 |
CVE-2023-29169 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29169 |
CVE-2023-2356 | Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2356 |
CVE-2023-27556 | IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling which could allow a remote attacker to cause a denial of service. IBM X-Force ID: 249190. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27556 |
CVE-2020-4729 | IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the application to crash. IBM X-Force ID: 188052. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-4729 |
CVE-2023-27557 | IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27557 |
CVE-2023-31436 | qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31436 |
CVE-2023-28528 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28528 |
CVE-2023-28882 | Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28882 |
CVE-2023-2361 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2361 |
CVE-2022-48481 | In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48481 |
CVE-2023-2363 | A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. This issue affects some unknown processing of the file view_room.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227639. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2363 |
CVE-2023-2364 | A vulnerability, which was classified as problematic, was found in SourceCodester Resort Reservation System 1.0. Affected is an unknown function of the file registration.php. The manipulation of the argument fullname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227640. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2364 |
CVE-2023-30466 | This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.\n\nSuccessful exploitation of this vulnerability could allow remote attacker to account takeover on the targeted device.\n\n\n\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30466 |
CVE-2023-30467 | This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.\n\nSuccessful exploitation of this vulnerability could allow remote attacker to perform unauthorized activities on the targeted device.\n\n\n\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30467 |
CVE-2023-2360 | Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2360 |
CVE-2023-2365 | A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax.php?action=delete_subject. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227641 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2365 |
CVE-2023-2366 | A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=delete_class. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227642 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2366 |
CVE-2022-38583 | On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-38583 |
CVE-2022-41397 | The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41397 |
CVE-2022-41398 | The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41398 |
CVE-2022-41399 | The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41399 |
CVE-2022-41400 | Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41400 |
CVE-2023-2367 | A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/manage_academic.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227643. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2367 |
CVE-2023-2368 | A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php?page=manage_questionnaire. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227644. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2368 |
CVE-2023-2369 | A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/manage_restriction.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227645 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2369 |
CVE-2023-30024 | Insecure Permissions vulnerability found in MagicJack A921 USB Phone Jack Rev 3.0 v.1.4 allows a physically proximate attacker to escalate privileges and gain access to sensitive information via the NAND flash memory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30024 |
CVE-2023-28471 | Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28471 |
CVE-2023-28472 | Concrete CMS (previously concrete5) before 9.2 does not have Secure and HTTP only attributes set for ccmPoll cookies. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28472 |
CVE-2023-28473 | Concrete CMS (previously concrete5) before 9.2 is vulnerable to possible Auth bypass in the jobs section. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28473 |
CVE-2023-28474 | Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Saved Presets on search. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28474 |
CVE-2023-28475 | Concrete CMS (previously concrete5) before 9.2 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28475 |
CVE-2023-28476 | Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Tags on uploaded files. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28476 |
CVE-2023-28477 | Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on API Integrations via the name parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28477 |
CVE-2023-28819 | Concrete CMS (previously concrete5) before 9.1 is vulnerable to Stored XSS in uploaded file and folder names. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28819 |
CVE-2023-28820 | Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28820 |
CVE-2023-28821 | Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28821 |
CVE-2023-2370 | A vulnerability classified as critical has been found in SourceCodester Online DJ Management System 1.0. Affected is an unknown function of the file admin/events/manage_event.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227646 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2370 |
CVE-2023-2371 | A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/inquiries/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227647. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2371 |
CVE-2023-2372 | A vulnerability, which was classified as problematic, has been found in SourceCodester Online DJ Management System 1.0. Affected by this issue is some unknown functionality of the file classes/Master.php?f=save_event. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227648. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2372 |
CVE-2023-2373 | A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Management Interface. The manipulation of the argument ecn-up leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227649 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2373 |
CVE-2023-30123 | wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30123 |
CVE-2023-30125 | EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30125 |
CVE-2023-0834 | Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0834 |
CVE-2023-1477 | Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1477 |
CVE-2023-29815 | mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29815 |
CVE-2023-2374 | A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument ecn-down leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227650 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2374 |
CVE-2023-2375 | A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227651. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2375 |
CVE-2022-31643 | A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the potential vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31643 |
CVE-2023-27971 | Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27971 |
CVE-2023-27972 | Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27972 |
CVE-2023-2376 | A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227652. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2376 |
CVE-2023-2377 | A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web Management Interface. The manipulation of the argument name leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227653 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2377 |
CVE-2023-2378 | A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument suffix-rate-up leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227654 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2378 |
CVE-2023-30853 | Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets configured for the repository.\n\nSecrets configured for GitHub Actions are normally passed to the Gradle Build Tool via environment variables. Due to the way that the Gradle Build Tool records these environment variables, they may be persisted into an entry in the GitHub Actions cache. This data stored in the GitHub Actions cache can be read by a GitHub Actions workflow running in an untrusted context, such as that running for a Pull Request submitted by a developer via a repository fork.\n\nThis vulnerability was discovered internally through code review, and we have not seen any evidence of it being exploited in the wild. However, in addition to upgrading the Gradle Build Action, affected users should delete any potentially vulnerable cache entries and may choose to rotate any potentially affected secrets.\n\nGradle Build Action v2.4.2 and newer no longer saves this sensitive data for later use, preventing ongoing leakage of secrets via the GitHub Actions Cache.\n\nWhile upgrading to the latest version of the Gradle Build Action will prevent leakage of secrets going forward, additional actions may be required due to current or previous GitHub Actions Cache entries containing this information.\n\nCurrent cache entries will remain vulnerable until they are forcibly deleted or they expire naturally after 7 days of not being used. Potentially vulnerable entries can be easily identified in the GitHub UI by searching for a cache entry with key matching `configuration-cache-*`. The maintainers recommend that users of the Gradle Build Action inspect their list of cache entries and manually delete any that match this pattern.\n\nWhile maintainers have not seen any evidence of this vulnerability being exploited, they recommend cycling any repository secrets if you cannot be certain that these have not been compromised. Compromise could occur if a user runs a GitHub Actions workflow for a pull request attempting to exploit this data. \nWarning signs to look for in a pull request include:\n- Making changes to GitHub Actions workflow files in a way that may attempt to read/extract data from the Gradle User Home or `<project-root>/.gradle` directories.\n- Making changes to Gradle build files or other executable files that may be invoked by a GitHub Actions workflow, in a way that may attempt to read/extract information from these locations.\n\nSome workarounds to limit the impact of this vulnerability are available:\n- If the Gradle project does not opt-in to using the configuration cache, then it is not vulnerable. \n- If the Gradle project does opt-in to using the configuration-cache by default, then the `--no-configuration-cache` command-line argument can be used to disable this feature in a GitHub Actions workflow.\n\nIn any case, we recommend that users carefully inspect any pull request before approving the execution of GitHub Actions workflows. It may be prudent to require approval for all PRs from external contributors. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30853 |
CVE-2023-30854 | AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint `/plugin/CloneSite/cloneClient.json.php` allows attackers to achieve Remote Code Execution. This issue is fixed in version 12.4. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30854 |
CVE-2023-30856 | eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The project has been archived since 2021, and as of time of publication there are no plans to patch this issue and release a new version. Some workarounds are available, including shutting down eDEX-UI when browsing the web and ensuring the eDEX terminal runs with lowest possible privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30856 |
CVE-2023-1526 | Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1526 |
CVE-2023-27973 | Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27973 |
CVE-2023-2379 | A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227655. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2379 |
CVE-2023-2380 | A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227658 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2380 |
CVE-2023-2381 | A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=bandwidth_profile.htm of the component Web Management Interface. The manipulation of the argument BandWidthProfile.ProfileName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227659. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2381 |
CVE-2023-2382 | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument sysLogInfo.serverName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2382 |
CVE-2023-25930 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25930 |
CVE-2023-27555 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27555 |
CVE-2023-27864 | IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 249327. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27864 |
CVE-2023-2383 | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2383 |
CVE-2023-2384 | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument dhcp.SecDnsIPByte2 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2384 |
CVE-2023-2385 | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=ike_policies.htm of the component Web Management Interface. The manipulation of the argument IpsecIKEPolicy.IKEPolicyName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2385 |
CVE-2023-30455 | An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without throwing an error. When this many IDs are supplied, the server takes around 60 seconds to respond and successfully generate the expected ZIP archive (during this time period, no other pages load). A threat actor could issue a request to this endpoint with 100+ statement IDs every 30 seconds, potentially resulting in an overload of the server for all users. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30455 |
CVE-2023-1966 | Instruments with Illumina Universal Copy Service v1.x and\nv2.x contain an unnecessary privileges vulnerability. An unauthenticated\nmalicious actor could upload and execute code remotely at the operating system\nlevel, which could allow an attacker to change settings, configurations,\nsoftware, or access sensitive data on the affected product.\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1966 |
CVE-2023-1968 | \nInstruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications. \n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1968 |
CVE-2023-26021 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26021 |
CVE-2023-26022 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26022 |
CVE-2023-2386 | A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.toAddr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2386 |
CVE-2023-2387 | A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument winsServer1 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2387 |
CVE-2023-30454 | An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be passed to an eval() function and executed upon pressing the continue button. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30454 |
CVE-2020-21643 | Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-21643 |
CVE-2020-23647 | Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-23647 |
CVE-2023-26781 | SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center ->Reader Comments ->Search. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26781 |
CVE-2023-26782 | An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26782 |
CVE-2023-26813 | SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26813 |
CVE-2023-2388 | A vulnerability, which was classified as problematic, has been found in Netgear SRX5308 up to 4.3.5-3. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2388 |
CVE-2023-2389 | A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2389 |
CVE-2023-2390 | A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server1 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2390 |
CVE-2023-29057 | A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29057 |
CVE-2023-29058 | A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29058 |
CVE-2023-2391 | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server2 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2391 |
CVE-2023-2392 | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. Affected is an unknown function of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ManualDate.minutes leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2392 |
CVE-2023-2393 | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument ConfigPort.LogicalIfName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2393 |
CVE-2023-2394 | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument wanName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2394 |
CVE-2023-30405 | A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the wl_ssid parameter at /boafrm/formHomeWlanSetup. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30405 |
CVE-2023-30857 | @aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class' metadata object, in `meta` decorator from the `@aedart/support` package. The likelihood of exploitation is questionable, given that a class's metadata can only be set or altered when the class is decorated via `meta()`. Furthermore, object(s) of sensitive nature would have to be stored as metadata, before this can lead to a security impact. The issue has been patched in version `0.6.1`.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30857 |
CVE-2023-30858 | The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the `replace`, `unemojify`, or `strip` functions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30858 |
CVE-2023-31444 | In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31444 |
CVE-2023-31470 | SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer overflow in the _dns_encode_domain function in the dns.c file, via a crafted DNS request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31470 |
CVE-2023-24269 | An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24269 |
CVE-2023-25495 | A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25495 |
CVE-2023-25496 | A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25496 |
CVE-2023-29056 | A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29056 |
CVE-2023-2395 | A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the component Web Management Interface. The manipulation of the argument Login.userAgent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227673 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2395 |
CVE-2023-2396 | A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument USERDBUsers.Password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2396 |
CVE-2023-2397 | A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Mobile Comparison Website 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_field. The manipulation of the argument Field Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227675. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2397 |
CVE-2023-2408 | A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. Affected by this issue is some unknown functionality of the file services/view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227702 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2408 |
CVE-2023-2409 | A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. This affects an unknown part of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227703. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2409 |
CVE-2023-2410 | A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/bookings/view_booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227704. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2410 |
CVE-2023-2411 | A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227705 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2411 |
CVE-2023-31483 | tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31483 |
CVE-2023-2412 | A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227706 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2412 |
CVE-2023-2413 | A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookings/manage_booking.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227707. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2413 |
CVE-2023-31484 | CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31484 |
CVE-2023-31485 | GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31485 |
CVE-2023-31486 | HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31486 |
CVE-2023-2417 | A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 and classified as problematic. Affected by this issue is some unknown functionality of the file C:\\Program Files (x86)\\HostMonitor\\RMA-Win\\rma_active.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 12.60 is able to address this issue. It is recommended to upgrade the affected component. VDB-227714 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2417 |
CVE-2023-2418 | A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The associated identifier of this vulnerability is VDB-227715. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2418 |
CVE-2023-2419 | A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file \\crmeb\\app\\services\\system\\attachment\\SystemAttachmentServices.php. The manipulation of the argument filename leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227716. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2419 |
CVE-2023-2420 | A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file upload\\inc\\include\\common.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227717 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2420 |
CVE-2023-2421 | A vulnerability classified as problematic has been found in Control iD RHiD 23.3.19.0. Affected is an unknown function of the file /v2/#/add/department. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-227718 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2421 |
CVE-2022-41736 | IBM Spectrum Scale Container Native Storage Access \n\n5.1.2.1 through 5.1.6.0\n\ncontains an unspecified vulnerability that could allow a local user to obtain root privileges. IBM X-Force ID: 237810. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41736 |
CVE-2022-43871 | IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239707. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-43871 |
CVE-2023-30792 | Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript\: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30792 |
CVE-2023-2424 | A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227750 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2424 |
CVE-2023-2425 | A vulnerability was found in SourceCodester Simple Student Information System 1.0. It has been classified as problematic. This affects an unknown part of the file /classes/Master.php?f=save_course of the component Add New Course. The manipulation of the argument name with the input --redacted-- leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227751 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2425 |
CVE-2023-30441 | IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30441 |
CVE-2023-2426 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2426 |
CVE-2023-2428 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2428 |
CVE-2023-2429 | Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2429 |
CVE-2015-10104 | A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 63124c021ae24b68e56872530df26eb4268ad633. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227756. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-10104 |
CVE-2015-10105 | A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The name of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-10105 |
CVE-2018-25085 | A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The name of the patch is 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755. | – | https://nvd.nist.gov/vuln/detail/CVE-2018-25085 |
CVE-2023-2235 | A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.\n\nThe perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.\n\nWe recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2235 |
CVE-2023-2236 | A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nBoth io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2236 |
CVE-2023-2248 | A heap out-of-bounds read/write vulnerability in the Linux Kernel traffic control (QoS) subsystem can be exploited to achieve local privilege escalation.\n\nThe qfq_change_class function does not properly limit the lmax variable which can lead to out-of-bounds read/write. If the TCA_QFQ_LMAX value is not offered through nlattr, lmax is determined by the MTU value of the network device. The MTU of the loopback device can be set up to 2^31-1 and as a result, it is possible to have an lmax value that exceeds QFQ_MIN_LMAX.\n\nWe recommend upgrading past commit 3037933448f60f9acb705997eae62013ecb81e0d.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2248 |
CVE-2023-0896 | A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0896 |
CVE-2023-30061 | D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30061 |
CVE-2023-30063 | D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30063 |
CVE-2023-30859 | Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the 'triton:main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte (2) and a string (any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing (pretending to be an admin), many servers use essentials so the /geoip command could be available to them, etc. This could also be modified to allow you to set the servers language, set another players language, etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3.8.4. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30859 |
CVE-2022-45801 | Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability.\nLDAP Injection is an attack used to exploit web based applications\nthat construct LDAP statements based on user input. When an\napplication fails to properly sanitize user input, it's possible to\nmodify LDAP statements through techniques similar to SQL Injection.\nLDAP injection attacks could result in the granting of permissions to\nunauthorized queries, and content modification inside the LDAP tree.\nThis risk may only occur when the user logs in with ldap, and the user\nname and password login will not be affected, Users of the affected\nversions should upgrade to Apache StreamPark 2.0.0 or later.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45801 |
CVE-2022-45802 | Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45802 |
CVE-2022-46365 | Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46365 |
CVE-2022-48186 | A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48186 |
CVE-2022-4568 | A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4568 |
CVE-2023-0683 | A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0683 |
CVE-2023-25492 | A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25492 |
CVE-2023-28092 | A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28092 |
CVE-2023-29635 | File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicious code via the file parameter to function coversUpload. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29635 |
CVE-2023-29636 | Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29636 |
CVE-2023-29637 | Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows attackers to inject arbitrary web script or HTML via editing the article content in the "article editor" page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29637 |
CVE-2023-29638 | Cross Site Scripting (XSS) vulnerability in WinterChenS my-site before commit 3f0423da6d5200c7a46e200da145c1f54ee18548, allows attackers to inject arbitrary web script or HTML via editing blog articles. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29638 |
CVE-2023-29639 | Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29639 |
CVE-2023-29641 | Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29641 |
CVE-2023-29643 | Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29643 |
CVE-2023-2451 | A vulnerability was found in SourceCodester Online DJ Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/bookings/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227795. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2451 |
CVE-2023-22503 | Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature.\r\n\r\nThis vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team.\r\n\r\nThe affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22503 |
CVE-2023-22919 | The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22919 |
CVE-2023-22921 | A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22921 |
CVE-2023-22922 | A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22922 |
CVE-2023-22923 | A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions on an affected device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22923 |
CVE-2023-22924 | A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22924 |
CVE-2022-35898 | OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-35898 |
CVE-2023-2197 | HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2197 |
CVE-2023-26987 | An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26987 |
CVE-2023-27035 | An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27035 |
CVE-2023-27108 | An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allows an attacker to send the user's call logs to a remote server via XMLHttpRequest or Fetch. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27108 |
CVE-2023-29680 | Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29680 |
CVE-2023-29681 | Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29681 |
CVE-2023-30639 | Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. 6.11.P4 (6.11.0.4) is also a fixed release. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30639 |
CVE-2013-10026 | A vulnerability, which was classified as problematic, has been found in Mail Subscribe List Plugin up to 2.0.10 on WordPress. This issue affects some unknown processing of the file index.php. The manipulation of the argument sml_name/sml_email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.1 is able to address this issue. The name of the patch is 484970ef8285cae51d2de3bd4e4684d33c956c28. It is recommended to upgrade the affected component. The identifier VDB-227765 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-10026 |
CVE-2014-125100 | A vulnerability classified as problematic was found in BestWebSoft Job Board Plugin 1.0.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is dbb71deee071422ce3e663fbcdce3ad24886f940. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227764. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-125100 |
CVE-2022-48482 | 3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48482 |
CVE-2022-48483 | 3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48483 |
CVE-2023-2247 | In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2247 |
CVE-2022-25713 | Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25713 |
CVE-2022-33281 | Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33281 |
CVE-2022-33292 | Memory corruption in Qualcomm IPC due to use after free while receiving the incoming packet and reposting it. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33292 |
CVE-2022-33304 | Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33304 |
CVE-2022-33305 | Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33305 |
CVE-2022-34144 | Transient DOS due to reachable assertion in Modem during OSI decode scheduling. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34144 |
CVE-2022-40505 | Information disclosure due to buffer over-read in Modem while parsing DNS hostname. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-40505 |
CVE-2022-40508 | Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-40508 |
CVE-2023-21642 | Memory corruption in HAB Memory management due to broad system privileges via physical address. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21642 |
CVE-2023-21665 | Memory corruption in Graphics while importing a file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21665 |
CVE-2023-21666 | Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21666 |
CVE-2022-33273 | Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33273 |
CVE-2022-40504 | Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-40504 |
CVE-2023-0891 | The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0891 |
CVE-2023-0924 | The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0924 |
CVE-2023-1021 | The amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1021 |
CVE-2023-1090 | The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1090 |
CVE-2023-1125 | The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1125 |
CVE-2023-1525 | The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1525 |
CVE-2023-1546 | The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1546 |
CVE-2023-1554 | The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1554 |
CVE-2023-1614 | The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1614 |
CVE-2023-1669 | The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1669 |
CVE-2023-1730 | The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1730 |
CVE-2023-1804 | The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1804 |
CVE-2023-1805 | The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1805 |
CVE-2023-1809 | The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1809 |
CVE-2023-1861 | The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1861 |
CVE-2023-1911 | The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1911 |
CVE-2023-1196 | The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1196 |
CVE-2023-2000 | Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2000 |
CVE-2023-31207 | Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31207 |
CVE-2023-30869 | Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30869 |
CVE-2023-23723 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23723 |
CVE-2023-29772 | A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29772 |
CVE-2023-2473 | A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227860. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2473 |
CVE-2023-2474 | A vulnerability has been found in Rebuild 3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-227866 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2474 |
CVE-2023-2475 | A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument ?? leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-227867. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2475 |
CVE-2023-2445 | Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2445 |
CVE-2023-2476 | A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument ????/???? leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-227868. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2476 |
CVE-2023-2477 | A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227869 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2477 |
CVE-2023-2479 | OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2479 |
CVE-2023-29867 | Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29867 |
CVE-2023-29868 | Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29868 |
CVE-2023-29918 | RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29918 |
CVE-2023-30861 | Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.\n\n1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.\n2. The application sets `session.permanent = True`\n3. The application does not access or modify the session at any point during a request.\n4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default).\n5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.\n\nThis happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30861 |
CVE-2022-47874 | Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47874 |
CVE-2022-47875 | A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47875 |
CVE-2022-47876 | The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47876 |
CVE-2022-47877 | A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47877 |
CVE-2022-47878 | Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47878 |
CVE-2023-26089 | European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26089 |
CVE-2023-26546 | European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26546 |
CVE-2023-29778 | GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29778 |
CVE-2023-30403 | An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to bypass login by connecting to the web app after a successful attempt by a legitimate user. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30403 |
CVE-2023-30943 | The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30943 |
CVE-2023-30944 | The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30944 |
CVE-2023-31433 | A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allows authenticated attackers to execute SQL statements via the welche parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31433 |
CVE-2023-31434 | The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31434 |
CVE-2023-31435 | Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews) in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31435 |
CVE-2022-30759 | In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30759 |
CVE-2023-26268 | Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:\n * validate_doc_update\n\n * list\n\n * filter\n\n * filter views (using view functions as filters)\n\n * rewrite\n\n * update\n\n\n\nThis doesn't affect map/reduce or search (Dreyfus) index functions.\n\nUsers are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).\n\nWorkaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26268 |
CVE-2023-27892 | Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With physical access to a PIN-unlocked device, attackers can extract the BIP39 mnemonic secret from the hardware wallet. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27892 |