Security Bulletin 10 May 2023

Published on 10 May 2023

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:


Criticalvulnerabilities with a base score of 9.0 to 10.0
Highvulnerabilities with a base score of 7.0 to 8.9
Mediumvulnerabilities with a base score of 4.0 to 6.9
Lowvulnerabilities with a base score of 0.1 to 3.9
Nonevulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2023-30838PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup `@keyframes` methods. This XSS, which hijacks HTML attributes, can be triggered without any interaction by the visitor/administrator, which makes it as dangerous as a trivial XSS attack. Contrary to other attacks which target HTML attributes and are triggered without user interaction (such as onload / onerror which suffer from a very limited scope), this one can hijack every HTML element, which increases the danger due to a complete HTML elements scope. Versions 8.0.4 and 1.7.8.9 contain a fix for this issue.9.9https://nvd.nist.gov/vuln/detail/CVE-2023-30838
CVE-2023-27407A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user.9.9https://nvd.nist.gov/vuln/detail/CVE-2023-27407
CVE-2023-30898A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Event Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.9.9https://nvd.nist.gov/vuln/detail/CVE-2023-30898
CVE-2023-30899A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Management Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.9.9https://nvd.nist.gov/vuln/detail/CVE-2023-30899
CVE-2016-0959Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 20.0.0.233, AIR for Android before 20.0.0.233.9.8https://nvd.nist.gov/vuln/detail/CVE-2016-0959
CVE-2020-8597eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-8597
CVE-2020-7808In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check on update module(web.js) allows an attacker to modify arguments which causes downloading a random DLL and injection on it.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7808
CVE-2021-29921In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-29921
CVE-2021-37232A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in APar_read64.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-37232
CVE-2021-42847Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-42847
CVE-2022-26496In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26496
CVE-2022-28888Spryker Commerce OS 1.4.2 allows Remote Command Execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-28888
CVE-2022-36190GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36190
CVE-2022-37454The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37454
CVE-2022-45062In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-45062
CVE-2022-3520Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-3520
CVE-2022-46882A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-46882
CVE-2023-24033The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-24033
CVE-2023-28613An issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1280, Exynos 2200, and Exynos Modem 5300. An integer overflow in IPv4 fragment handling can occur due to insufficient parameter validation when reassembling these fragments.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28613
CVE-2022-46709A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16. An app may be able to execute arbitrary code with kernel privileges9.8https://nvd.nist.gov/vuln/detail/CVE-2022-46709
CVE-2023-26063Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26063
CVE-2023-26064Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26064
CVE-2023-26065Certain Lexmark devices through 2023-02-19 have an Integer Overflow.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26065
CVE-2023-26066Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26066
CVE-2023-26068Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26068
CVE-2023-26069Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4).9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26069
CVE-2023-26070Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4).9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26070
CVE-2023-30770A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-30770
CVE-2023-23451The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration. Gateways with a serial number >2311xxxx have the Telnet interface disabled by factory default.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-23451
CVE-2022-29604An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the network.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-29604
CVE-2022-29606An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent and flow rules in the network.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-29606
CVE-2023-2231A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227001 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2231
CVE-2023-2246A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2246
CVE-2023-25131Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the 'admin' password.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-25131
CVE-2023-24819RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-24819
CVE-2023-24823RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header. This occurs while encoding a 6LoWPAN IPHC header. The type confusion manifests in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, apply the patches manually.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-24823
CVE-2023-26865SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allowing a remote attacker to gain privileges via the BdroppyCronModuleFrontController::importProducts component.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26865
CVE-2023-27848broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-27848
CVE-2023-27849rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-27849
CVE-2023-29566huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-29566
CVE-2023-28771Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28771
CVE-2023-27105A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanling MTouch OS v4.3 and Shanling M2X Portable Music Player with Shanling MTouch OS v3.3 allows attackers to arbitrarily read, delete, or modify any critical system files via directory traversal.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-27105
CVE-2023-25313OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-25313
CVE-2012-5872ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause.9.8https://nvd.nist.gov/vuln/detail/CVE-2012-5872
CVE-2023-27843SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote attacker to gain privileges via the QuotesProduct::deleteProduct component.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-27843
CVE-2023-30404Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-30404
CVE-2023-24796Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-24796
CVE-2022-39989An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials, but does not force nor prompt the administrators to change the credentials.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-39989
CVE-2023-30211OURPHP <= 7.2.0 is vulnerable to SQL Injection.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-30211
CVE-2023-29268The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-29268
CVE-2020-36070Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-36070
CVE-2023-30280Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial ofservice via the getInputData parameter of the fwSchedule.cgi page.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-30280
CVE-2023-30363vConsole v3.15.0 was discovered to contain a prototype pollution due to incorrect key and value resolution in setOptions in core.ts.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-30363
CVE-2023-20852aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-20852
CVE-2023-20853aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-20853
CVE-2023-28697Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28697
CVE-2023-28769The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28769
CVE-2023-1778This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems.\n\nThe vulnerability has been addressed by forcing the user to change their default password to a new non-default password.\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1778
CVE-2023-2344A vulnerability has been found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=save_service of the component HTTP POST Request Handler. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227587.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2344
CVE-2023-30349JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-30349
CVE-2023-2345A vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_inquiry. The manipulation leads to improper authorization. The attack may be launched remotely. The identifier of this vulnerability is VDB-227588.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2345
CVE-2023-2346A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227589 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2346
CVE-2023-2347A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/services/manage_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227590 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2347
CVE-2023-2348A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227591.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2348
CVE-2023-2158Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A malicious actor who creates this token can supply it to a separate Code Dx system, provided they know the username they want to impersonate, and impersonate the user.  Score 6.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2158
CVE-2023-1967Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1967
CVE-2023-2363A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. This issue affects some unknown processing of the file view_room.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227639.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2363
CVE-2023-30466This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.\n\nSuccessful exploitation of this vulnerability could allow remote attacker to account takeover on the targeted device.\n\n\n\n\n\n\n\n\n\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-30466
CVE-2023-30467This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.\n\nSuccessful exploitation of this vulnerability could allow remote attacker to perform unauthorized activities on the targeted device.\n\n\n\n\n\n\n\n\n\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-30467
CVE-2023-2365A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax.php?action=delete_subject. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227641 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2365
CVE-2023-2366A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=delete_class. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227642 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2366
CVE-2022-41397The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-41397
CVE-2022-41400Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-41400
CVE-2023-2367A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/manage_academic.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227643.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2367
CVE-2023-2368A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php?page=manage_questionnaire. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227644.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2368
CVE-2023-2369A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/manage_restriction.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227645 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2369
CVE-2023-28473Concrete CMS (previously concrete5) before 9.2 is vulnerable to possible Auth bypass in the jobs section.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28473
CVE-2023-2370A vulnerability classified as critical has been found in SourceCodester Online DJ Management System 1.0. Affected is an unknown function of the file admin/events/manage_event.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227646 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2370
CVE-2023-2371A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/inquiries/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227647.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2371
CVE-2023-0834Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-0834
CVE-2023-1966Instruments with Illumina Universal Copy Service v1.x and\nv2.x contain an unnecessary privileges vulnerability. An unauthenticated\nmalicious actor could upload and execute code remotely at the operating system\nlevel, which could allow an attacker to change settings, configurations,\nsoftware, or access sensitive data on the affected product.\n\n\n\n\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1966
CVE-2023-26781SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center ->Reader Comments ->Search.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26781
CVE-2023-26813SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26813
CVE-2023-31470SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer overflow in the _dns_encode_domain function in the dns.c file, via a crafted DNS request.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-31470
CVE-2023-2420A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file upload\\inc\\include\\common.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227717 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2420
CVE-2023-2429Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2429
CVE-2015-10105A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The name of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2015-10105
CVE-2023-30859Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the 'triton:main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte (2) and a string (any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing (pretending to be an admin), many servers use essentials so the /geoip command could be available to them, etc. This could also be modified to allow you to set the servers language, set another players language, etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3.8.4.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-30859
CVE-2022-45802Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later\n\n\n\n\n\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2022-45802
CVE-2023-29635File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicious code via the file parameter to function coversUpload.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-29635
CVE-2023-2451A vulnerability was found in SourceCodester Online DJ Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/bookings/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227795.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2451
CVE-2022-35898OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-35898
CVE-2023-1730The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1730
CVE-2023-30869Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-30869
CVE-2023-2479OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2479
CVE-2023-29778GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-29778
CVE-2023-30204Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-30204
CVE-2023-24941Windows Network File System Remote Code Execution Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2023-24941
CVE-2023-24943Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2023-24943
CVE-2022-4135Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)9.6https://nvd.nist.gov/vuln/detail/CVE-2022-4135
CVE-2022-28805singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-28805
CVE-2023-2227Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-2227
CVE-2021-44547A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalation.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-44547
CVE-2022-46365Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.\n\n\n\n\n9.1https://nvd.nist.gov/vuln/detail/CVE-2022-46365
CVE-2023-30613Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an `.exe` file or a file containing embedded JavaScript and trick others into clicking on these files, causing vulnerable browsers to execute malicious code on another computer.\n\nKiwi TCMS v12.2 comes with functionality that allows administrators to configure additional upload validator functions which give them more control over what file types are accepted for upload. By default `.exe` are denied. Other files containing the `--redacted--S, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an `.exe` file or a file containing embedded JavaScript and trick others into clicking on these files, causing vulnerable browsers to execute malicious code on another computer.\n\nKiwi TCMS v12.2 comes with functionality that allows administrators to configure additional upload validator functions which give them more control over what file types are accepted for upload. By default `.exe` are denied. Other files containing the `<script>` tag, regardless of their type are also denied b/c they are a path to XSS attacks. There are no known workarounds aside from upgrading9https://nvd.nist.gov/vuln/detail/CVE-2023-30613
CVE-2023-22637An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.9https://nvd.nist.gov/vuln/detail/CVE-2023-22637

OTHER VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2015-8652Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, CVE-2015-8658, and CVE-2015-8820.8.8https://nvd.nist.gov/vuln/detail/CVE-2015-8652
CVE-2015-8653Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted MPEG-4 data, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8655, CVE-2015-8821, and CVE-2015-8822.8.8https://nvd.nist.gov/vuln/detail/CVE-2015-8653
CVE-2015-8654Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8656, CVE-2015-8657, CVE-2015-8658, and CVE-2015-8820.8.8https://nvd.nist.gov/vuln/detail/CVE-2015-8654
CVE-2015-8655Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted MPEG-4 data, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8821, and CVE-2015-8822.8.8https://nvd.nist.gov/vuln/detail/CVE-2015-8655
CVE-2015-8656Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8657, CVE-2015-8658, and CVE-2015-8820.8.8https://nvd.nist.gov/vuln/detail/CVE-2015-8656
CVE-2015-8657Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8658, and CVE-2015-8820.8.8https://nvd.nist.gov/vuln/detail/CVE-2015-8657
CVE-2015-8658Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, and CVE-2015-8820.8.8https://nvd.nist.gov/vuln/detail/CVE-2015-8658
CVE-2015-8820Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, and CVE-2015-8658.8.8https://nvd.nist.gov/vuln/detail/CVE-2015-8820
CVE-2015-8821Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted MPEG-4 data, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, and CVE-2015-8822.8.8https://nvd.nist.gov/vuln/detail/CVE-2015-8821
CVE-2015-8822Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted MPEG-4 data, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, and CVE-2015-8821.8.8https://nvd.nist.gov/vuln/detail/CVE-2015-8822
CVE-2019-7572SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-7572
CVE-2019-7573SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).8.8https://nvd.nist.gov/vuln/detail/CVE-2019-7573
CVE-2019-7574SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-7574
CVE-2019-7575SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-7575
CVE-2019-7576SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).8.8https://nvd.nist.gov/vuln/detail/CVE-2019-7576
CVE-2019-7577SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-7577
CVE-2019-7638SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-7638
CVE-2021-33657There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-33657
CVE-2022-3723Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3723
CVE-2022-3445Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3445
CVE-2022-3446Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3446
CVE-2022-3448Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3448
CVE-2022-3449Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3449
CVE-2022-3450Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3450
CVE-2022-4174Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4174
CVE-2022-4175Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4175
CVE-2022-4176Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4176
CVE-2022-4177Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4177
CVE-2022-4178Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4178
CVE-2022-4179Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4179
CVE-2022-4180Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4180
CVE-2022-4181Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4181
CVE-2022-4190Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4190
CVE-2022-4191Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4191
CVE-2022-4192Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4192
CVE-2022-4193Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4193
CVE-2022-4194Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4194
CVE-2022-4436Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4436
CVE-2022-4437Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4437
CVE-2022-4438Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4438
CVE-2022-4439Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4439
CVE-2022-4440Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4440
CVE-2022-46871An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46871
CVE-2022-46873Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content Security Policy of the document. This vulnerability affects Firefox < 108.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46873
CVE-2022-46874A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46874
CVE-2022-46878Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46878
CVE-2022-46879Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46879
CVE-2022-46881An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46881
CVE-2022-2196A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a\n8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2196
CVE-2023-0128Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-0128
CVE-2023-0129Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-0129
CVE-2023-0134Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-0134
CVE-2023-0135Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-0135
CVE-2023-0136Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-0136
CVE-2023-0137Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-0137
CVE-2023-0138Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-0138
CVE-2023-0698Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-0698
CVE-2022-47648An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. If an authorized user has accessed a publicly available B420 product using valid credentials, an insider attacker can gain access to the same panel without requiring any sort of authorization. The B420 module was already obsolete at the time this vulnerability was found (The End of Life announcement was made in 2013).8.8https://nvd.nist.gov/vuln/detail/CVE-2022-47648
CVE-2022-3294Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3294
CVE-2023-25358A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25358
CVE-2023-28205A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3.1, iOS 16.4.1 and iPadOS 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28205
CVE-2023-22614An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-22614
CVE-2023-24885Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24885
CVE-2023-28231DHCP Server Service Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28231
CVE-2023-28983An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4 version 21.4R1-EVO and later versions prior to 22.1R1-EVO.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28983
CVE-2022-46302Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46302
CVE-2023-27352This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19845.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27352
CVE-2023-27355This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPEG-TS parser. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19773.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27355
CVE-2023-2141An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2141
CVE-2023-29578mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty() function at src/mp4property.cpp.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-29578
CVE-2023-30622Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. An issue in clusternet prior to version 0.15.2 can be leveraged to lead to a cluster-level privilege escalation. The clusternet has a deployment called `cluster-hub` inside the `clusternet-system` Kubernetes namespace, which runs on worker nodes randomly. The deployment has a service account called `clusternet-hub`, which has a cluster role called `clusternet:hub` via cluster role binding. The `clusternet:hub` cluster role has `"*" verbs of "*.*"` resources. Thus, if a malicious user can access the worker node which runs the clusternet, they can leverage the service account to do malicious actions to critical system resources. For example, the malicious user can leverage the service account to get ALL secrets in the entire cluster, resulting in cluster-level privilege escalation. Version 0.15.2 contains a fix for this issue.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-30622
CVE-2023-26060An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-26060
CVE-2023-27991The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27991
CVE-2023-0388The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-0388
CVE-2023-2250A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2250
CVE-2023-2258Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2258
CVE-2023-2260Improper Authorization of Index Containing Sensitive Information in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2260
CVE-2023-30623`embano1/wip` is a GitHub Action written in Bash. Prior to version 2, the `embano1/wip` action uses the `github.event.pull_request.title` parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string interpolation. This vulnerability can be triggered by any user on GitHub. They just need to create a pull request with a commit message containing an exploit. (Note that first-time PR requests will not be run - but the attacker can submit a valid PR before submitting an invalid PR). The commit can be genuine, but the commit message can be malicious. This can be used to execute code on the GitHub runners and can be used to exfiltrate any secrets used in the CI pipeline, including repository tokens. Version 2 has a fix for this issue.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-30623
CVE-2023-30628Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior,\nthe `changelog.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz";echo${IFS}"hello";#` can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. Commit 834c86dfd1b2492ccad7ebbfd6304bfec895fed2 of the kiwitcms/Kiwi repository and commit e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 of the kiwitcms/enterprise repository contain a fix for this issue.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-30628
CVE-2022-40724The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-40724
CVE-2023-30839PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-30839
CVE-2023-20872VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-20872
CVE-2023-30266CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-30266
CVE-2023-27107Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27107
CVE-2023-24836SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24836
CVE-2023-2338SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2338
CVE-2023-30848Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-30848
CVE-2023-30849Pimcore is an open source data and experience management platform. Prior to version 10.5.21, A SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-30849
CVE-2023-30850Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-30850
CVE-2023-25437An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25437
CVE-2023-28384mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28384
CVE-2023-28400mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28400
CVE-2023-28716mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28716
CVE-2023-29150mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-29150
CVE-2023-29169mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-29169
CVE-2023-2373A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Management Interface. The manipulation of the argument ecn-up leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227649 was assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2373
CVE-2023-1477Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3.\n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1477
CVE-2023-29815mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF).8.8https://nvd.nist.gov/vuln/detail/CVE-2023-29815
CVE-2023-2374A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument ecn-down leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227650 is the identifier assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2374
CVE-2023-2375A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227651.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2375
CVE-2023-2376A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227652.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2376
CVE-2023-2377A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web Management Interface. The manipulation of the argument name leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227653 was assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2377
CVE-2023-2378A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument suffix-rate-up leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227654 is the identifier assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2378
CVE-2023-30854AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint `/plugin/CloneSite/cloneClient.json.php` allows attackers to achieve Remote Code Execution. This issue is fixed in version 12.4.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-30854
CVE-2023-24269An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24269
CVE-2023-2424A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227750 is the identifier assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2424
CVE-2023-0896A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-0896
CVE-2023-22919The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-22919
CVE-2023-1196The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1196
CVE-2023-31433A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allows authenticated attackers to execute SQL statements via the welche parameter.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-31433
CVE-2023-2461Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2461
CVE-2023-22691Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-22691
CVE-2023-23790Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin <= 2.9.10.2 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23790
CVE-2022-3405Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3405
CVE-2023-25967Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo plugin <= 6.0.2.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25967
CVE-2023-2182An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users thus leading to privilege escalation for those users.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2182
CVE-2023-24947Windows Bluetooth Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24947
CVE-2021-23166A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.8.7https://nvd.nist.gov/vuln/detail/CVE-2021-23166
CVE-2021-23186A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system.8.7https://nvd.nist.gov/vuln/detail/CVE-2021-23186
CVE-2022-46872An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.8.6https://nvd.nist.gov/vuln/detail/CVE-2022-46872
CVE-2023-28206An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6, macOS Ventura 13.3.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-28206
CVE-2022-41739\nIBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815.\n\n8.4https://nvd.nist.gov/vuln/detail/CVE-2022-41739
CVE-2022-44708Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.8.3https://nvd.nist.gov/vuln/detail/CVE-2022-44708
CVE-2023-21775Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability8.3https://nvd.nist.gov/vuln/detail/CVE-2023-21775
CVE-2023-21795Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability8.3https://nvd.nist.gov/vuln/detail/CVE-2023-21795
CVE-2023-21796Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability8.3https://nvd.nist.gov/vuln/detail/CVE-2023-21796
CVE-2018-16557A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Sending of specially crafted packets to port 102/tcp via Ethernet interface\r\nvia PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service\r\ncondition on affected devices. Flashing with a firmware image may be required\r\nto recover the CPU.\r\n\r\nSuccessful exploitation requires an attacker to have network access to port\r\n102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or\r\nMulti Point Interfaces (MPI) to the device. No user interaction is required.\r\nIf no access protection is configured, no privileges are required to exploit\r\nthe security vulnerability. The vulnerability could allow causing a\r\ndenial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system.8.2https://nvd.nist.gov/vuln/detail/CVE-2018-16557
CVE-2023-24892Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability8.2https://nvd.nist.gov/vuln/detail/CVE-2023-24892
CVE-2023-20869VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-20869
CVE-2023-30847H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP servers. Pull request number 3229 fixes the issue. The pull request has been merged to the `master` branch in commit f010336. Users should upgrade to commit f010336 or later.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-30847
CVE-2019-7578SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.8.1https://nvd.nist.gov/vuln/detail/CVE-2019-7578
CVE-2019-7635SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.8.1https://nvd.nist.gov/vuln/detail/CVE-2019-7635
CVE-2019-7636SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.8.1https://nvd.nist.gov/vuln/detail/CVE-2019-7636
CVE-2019-13616SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.8.1https://nvd.nist.gov/vuln/detail/CVE-2019-13616
CVE-2023-24999HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-24999
CVE-2023-26067Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).8.1https://nvd.nist.gov/vuln/detail/CVE-2023-26067
CVE-2023-29019@fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using `@fastify/passport` in affected versions for user authentication, in combination with `@fastify/session` as the underlying session management mechanism, are vulnerable to session fixation attacks from network and same-site attackers. fastify applications rely on the `@fastify/passport` library for user authentication. The login and user validation are performed by the `authenticate` function. When executing this function, the `sessionId` is preserved between the pre-login and the authenticated session. Network and same-site attackers can hijack the victim's session by tossing a valid `sessionId` cookie in the victim's browser and waiting for the victim to log in on the website. As a solution, newer versions of `@fastify/passport` regenerate `sessionId` upon login, preventing the attacker-controlled pre-session cookie from being upgraded to an authenticated session. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n8.1https://nvd.nist.gov/vuln/detail/CVE-2023-29019
CVE-2023-22913A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data, resulting in denial-of-service (DoS) conditions on an affected device.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-22913
CVE-2023-22916The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device if the attacker could trick an authorized administrator to switch the management mode to the cloud mode.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-22916
CVE-2023-30626Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the `ClientLogController`, specifically `/ClientLog/Document`. When combined with a cross-site scripting vulnerability (CVE-2023-30627), this can result in file write and arbitrary code execution. Version 10.8.10 has a patch for this issue. There are no known workarounds.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-30626
CVE-2021-45111Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-45111
CVE-2023-30269CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-30269
CVE-2023-26567Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-26567
CVE-2023-28008HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.\n8.1https://nvd.nist.gov/vuln/detail/CVE-2023-28008
CVE-2023-28009HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.\n8.1https://nvd.nist.gov/vuln/detail/CVE-2023-28009
CVE-2023-2297The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (wppb_front_end_password_recovery). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-0814, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-2297
CVE-2023-21712Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-21712
CVE-2023-28261Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-28261
CVE-2023-31484CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-31484
CVE-2023-31486HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-31486
CVE-2023-28656\nNGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment.  \n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n\n8.1https://nvd.nist.gov/vuln/detail/CVE-2023-28656
CVE-2023-0805An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-0805
CVE-2023-24903Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-24903
CVE-2023-28283Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-28283
CVE-2023-29325Windows OLE Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-29325
CVE-2023-0756An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems.8https://nvd.nist.gov/vuln/detail/CVE-2023-0756
CVE-2020-35492A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-35492
CVE-2021-27452The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1).7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27452
CVE-2021-32271An issue was discovered in gpac through 20200801. A stack-buffer-overflow exists in the function DumpRawUIConfig located in odf_dump.c. It allows an attacker to cause code Execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32271
CVE-2022-1154Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1154
CVE-2022-1160heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1160
CVE-2022-1381global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1381
CVE-2022-1616Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1616
CVE-2022-1619Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1619
CVE-2022-1621Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1621
CVE-2022-1629Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1629
CVE-2022-1733Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1733
CVE-2022-1769Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1769
CVE-2022-1735Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1735
CVE-2022-1785Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1785
CVE-2022-1796Use After Free in GitHub repository vim/vim prior to 8.2.4979.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1796
CVE-2022-1851Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1851
CVE-2022-1886Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1886
CVE-2022-1898Use After Free in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1898
CVE-2022-1897Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1897
CVE-2022-1927Buffer Over-read in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1927
CVE-2022-1942Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1942
CVE-2022-1968Use After Free in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1968
CVE-2022-2000Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2000
CVE-2022-31214A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-31214
CVE-2022-2042Use After Free in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2042
CVE-2022-2124Buffer Over-read in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2124
CVE-2022-2125Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2125
CVE-2022-2126Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2126
CVE-2022-2129Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2129
CVE-2022-1720Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1720
CVE-2022-2175Buffer Over-read in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2175
CVE-2022-2182Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2182
CVE-2022-2183Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2183
CVE-2022-2206Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2206
CVE-2022-2207Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2207
CVE-2022-2210Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2210
CVE-2022-2257Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2257
CVE-2022-2264Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2264
CVE-2022-2284Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2284
CVE-2022-2285Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2285
CVE-2022-2286Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2286
CVE-2022-2288Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2288
CVE-2022-2289Use After Free in GitHub repository vim/vim prior to 9.0.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2289
CVE-2022-2304Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2304
CVE-2022-2343Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2343
CVE-2022-2344Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2344
CVE-2022-2345Use After Free in GitHub repository vim/vim prior to 9.0.0046.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2345
CVE-2022-2522Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2522
CVE-2022-2819Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2819
CVE-2022-2816Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2816
CVE-2022-2817Use After Free in GitHub repository vim/vim prior to 9.0.0213.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2817
CVE-2022-2845Buffer Over-read in GitHub repository vim/vim prior to 9.0.0218.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2845
CVE-2022-2849Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2849
CVE-2022-2862Use After Free in GitHub repository vim/vim prior to 9.0.0221.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2862
CVE-2022-21229Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Kit drivers before version 2.2.0.22 may allow an authenticated user to potentially enable escalation of privilege via local access.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-21229
CVE-2022-2889Use After Free in GitHub repository vim/vim prior to 9.0.0225.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2889
CVE-2022-2946Use After Free in GitHub repository vim/vim prior to 9.0.0246.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2946
CVE-2022-2982Use After Free in GitHub repository vim/vim prior to 9.0.0260.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2982
CVE-2022-3016Use After Free in GitHub repository vim/vim prior to 9.0.0286.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3016
CVE-2022-3099Use After Free in GitHub repository vim/vim prior to 9.0.0360.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3099
CVE-2022-3134Use After Free in GitHub repository vim/vim prior to 9.0.0389.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3134
CVE-2022-38530GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-38530
CVE-2022-3234Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3234
CVE-2022-3235Use After Free in GitHub repository vim/vim prior to 9.0.0490.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3235
CVE-2022-3256Use After Free in GitHub repository vim/vim prior to 9.0.0530.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3256
CVE-2022-3296Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3296
CVE-2022-3297Use After Free in GitHub repository vim/vim prior to 9.0.0579.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3297
CVE-2022-3324Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3324
CVE-2022-3352Use After Free in GitHub repository vim/vim prior to 9.0.0614.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3352
CVE-2022-3545A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3545
CVE-2022-43040GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-43040
CVE-2022-43042GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-43042
CVE-2022-42919Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-42919
CVE-2022-41104Microsoft Excel Security Feature Bypass Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41104
CVE-2022-41120Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41120
CVE-2022-4141Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-4141
CVE-2022-45934An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-45934
CVE-2022-45202GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-45202
CVE-2022-45343GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-45343
CVE-2022-3591Use After Free in GitHub repository vim/vim prior to 9.0.0789.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3591
CVE-2022-3491Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3491
CVE-2022-4292Use After Free in GitHub repository vim/vim prior to 9.0.0882.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-4292
CVE-2023-0049Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0049
CVE-2023-0051Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0051
CVE-2023-0054Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0054
CVE-2022-47087GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c7.8https://nvd.nist.gov/vuln/detail/CVE-2022-47087
CVE-2022-47088GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-47088
CVE-2022-47089GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via gf_vvc_read_sps_bs_internal function of media_tools/av_parsers.c7.8https://nvd.nist.gov/vuln/detail/CVE-2022-47089
CVE-2022-47091GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.c7.8https://nvd.nist.gov/vuln/detail/CVE-2022-47091
CVE-2022-47093GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid7.8https://nvd.nist.gov/vuln/detail/CVE-2022-47093
CVE-2022-47094GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid7.8https://nvd.nist.gov/vuln/detail/CVE-2022-47094
CVE-2022-47095GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c7.8https://nvd.nist.gov/vuln/detail/CVE-2022-47095
CVE-2022-47653GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels function of media_tools/av_parsers.c:91137.8https://nvd.nist.gov/vuln/detail/CVE-2022-47653
CVE-2022-47654GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:82617.8https://nvd.nist.gov/vuln/detail/CVE-2022-47654
CVE-2022-47656GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:82737.8https://nvd.nist.gov/vuln/detail/CVE-2022-47656
CVE-2022-47657GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_extension of media_tools/av_parsers.c:76627.8https://nvd.nist.gov/vuln/detail/CVE-2022-47657
CVE-2022-47658GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:80397.8https://nvd.nist.gov/vuln/detail/CVE-2022-47658
CVE-2022-47659GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data7.8https://nvd.nist.gov/vuln/detail/CVE-2022-47659
CVE-2022-47660GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in isomedia/isom_write.c7.8https://nvd.nist.gov/vuln/detail/CVE-2022-47660
CVE-2022-47661GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes7.8https://nvd.nist.gov/vuln/detail/CVE-2022-47661
CVE-2022-47663GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/reframe_h263.c:6097.8https://nvd.nist.gov/vuln/detail/CVE-2022-47663
CVE-2023-21738Microsoft Office Visio Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-21738
CVE-2023-23559In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-23559
CVE-2023-22809In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-22809
CVE-2022-47024A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-47024
CVE-2020-36657uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-36657
CVE-2023-0266A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e\n7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0266
CVE-2023-0760Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0760
CVE-2023-0461There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege.\n\nThere is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock.\n\nWhen CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.\n\nThe setsockopt TCP_ULP operation does not require any privilege.\n\nWe recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0461
CVE-2023-1118A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-1118
CVE-2023-26604systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-26604
CVE-2022-3424A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3424
CVE-2022-20929A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload.\r\n This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-20929
CVE-2022-48423In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-48423
CVE-2022-48424In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-48424
CVE-2023-1281Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root.\nThis issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.\n\n7.8https://nvd.nist.gov/vuln/detail/CVE-2023-1281
CVE-2023-20065A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. \r\n\r This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit this vulnerability by logging in to and then escaping the Cisco IOx application container. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-20065
CVE-2023-1252A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") not applied yet, the kernel could be affected.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-1252
CVE-2023-1077In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-1077
CVE-2023-1078A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-1078
CVE-2022-4744A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-4744
CVE-2023-1670A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-1670
CVE-2023-1829A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.\nWe recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.\n\n7.8https://nvd.nist.gov/vuln/detail/CVE-2023-1829
CVE-2021-33971Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Total Security (http://www.360totalsecurity.com/) is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: This is a set of vulnerabilities affecting popular software, "360 Safeguard(12.1.0.1004,12.1.0.1005,13.1.0.1001)" , "360 Total Security(10.8.0.1060,10.8.0.1213)", "360 Safe Browser & 360 Chrome(13.0.2170.0)". The attack vector is: On the browser vulnerability, just open a link to complete the vulnerability exploitation remotely; on the client software, you need to locally execute the vulnerability exploitation program, which of course can be achieved with the full chain of browser vulnerability. ¶¶ This is a set of the most serious vulnerabilities that exist on Qihoo 360's PC client a variety of popular software, remote vulnerabilities can be completed by opening a link to arbitrary code execution on both security browsers, with the use of local vulnerabilities, not only help the vulnerability code constitutes an escalation of privileges, er can make the spyware persistent without being scanned permanently resides on the target PC computer (because local vulnerability against Qihoo 360 company's antivirus kernel flaws); this group of remote and local vulnerability of the perfect match, to achieve an information security fallacy, in Qihoo 360's antivirus vulnerability, not only can not be scanned out of the virus, but will help the virus persistently control the target computer, while Qihoo 360 claims to be a safe browser, which exists in the kernel vulnerability but helped the composition of the remote vulnerability. (Security expert "Memory Corruptor" have reported this set of vulnerabilities to the corresponding vendor, all vulnerabilities have been fixed and the vendor rewarded thousands of dollars to the security experts)7.8https://nvd.nist.gov/vuln/detail/CVE-2021-33971
CVE-2023-2257Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub \nBusiness space without being prompted to enter the password via an \nunimplemented "Force Login" security feature.\n\nThis vulnerability occurs only if "Force Login" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space.\n7.8https://nvd.nist.gov/vuln/detail/CVE-2023-2257
CVE-2023-2007The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-2007
CVE-2023-26098An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-26098
CVE-2022-42335x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handling it is possible for a guest with a PCI device passed through to cause the hypervisor to access an arbitrary pointer partially under guest control.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-42335
CVE-2022-31244Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-31244
CVE-2023-28088An HPE OneView appliance dump may expose SAN switch administrative credentials7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28088
CVE-2023-20871VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-20871
CVE-2023-29007Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-29007
CVE-2023-29011Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\\etc\\connectrc`. Since `C:\\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `<drive>:\\etc\\connectrc` files on multi-user machines.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-29011
CVE-2023-29012Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-29012
CVE-2023-30549Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0, installations that include apptainer-suid < 1.1.8, and all versions of Singularity in their default configurations on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation.\n\nApptainer 1.1.8 includes a patch that by default disables mounting of extfs filesystem types in setuid-root mode, while continuing to allow mounting of extfs filesystems in non-setuid "rootless" mode using fuse2fs.\n\nSome workarounds are possible. Either do not install apptainer-suid (for versions 1.1.0 through 1.1.7) or set `allow setuid = no` in apptainer.conf (or singularity.conf for singularity versions). This requires having unprivileged user namespaces enabled and except for apptainer 1.1.x versions will disallow mounting of sif files, extfs files, and squashfs files in addition to other, less significant impacts. (Encrypted sif files are also not supported unprivileged in apptainer 1.1.x.). Alternatively, use the `limit containers` options in apptainer.conf/singularity.conf to limit sif files to trusted users, groups, and/or paths, and set `allow container extfs = no` to disallow mounting of extfs overlay files. The latter option by itself does not disallow mounting of extfs overlay partitions inside SIF files, so that's why the former options are also needed.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30549
CVE-2023-26286IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-26286
CVE-2023-29596Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an attacker to execute arbitrary code and cause a denial of service via the paq8 function.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-29596
CVE-2023-29835Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-29835
CVE-2023-2291Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-2291
CVE-2023-26243An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to create custom firmware that may be installed in the IVI system. Then, an attacker may be able to install a backdoor in the IVI system that may allow him to control it, if it is connected to the Internet through Wi-Fi.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-26243
CVE-2023-26244An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-26244
CVE-2023-26245An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version (e.g., newer, older, or customized). This indirectly allows an attacker to install custom firmware in the IVI system.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-26245
CVE-2023-26246An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-26246
CVE-2023-31287An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-31287
CVE-2023-2331Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service (NixService.Exe) on Windows application will allows to insert arbitrary code into the service.\nThis issue affects Surelock Windows : from 2.3.12 through 2.40.0.\n\n7.8https://nvd.nist.gov/vuln/detail/CVE-2023-2331
CVE-2023-2355Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-2355
CVE-2022-37326Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37326
CVE-2023-31436qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-31436
CVE-2023-28528IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28528
CVE-2022-48481In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible7.8https://nvd.nist.gov/vuln/detail/CVE-2022-48481
CVE-2022-38583On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-38583
CVE-2023-25496A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-25496
CVE-2023-2417A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 and classified as problematic. Affected by this issue is some unknown functionality of the file C:\\Program Files (x86)\\HostMonitor\\RMA-Win\\rma_active.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 12.60 is able to address this issue. It is recommended to upgrade the affected component. VDB-227714 is the identifier assigned to this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-2417
CVE-2022-41736IBM Spectrum Scale Container Native Storage Access \n\n5.1.2.1 through 5.1.6.0\n\ncontains an unspecified vulnerability that could allow a local user to obtain root privileges. IBM X-Force ID: 237810.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41736
CVE-2023-2235A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.\n\nThe perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.\n\nWe recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.\n\n7.8https://nvd.nist.gov/vuln/detail/CVE-2023-2235
CVE-2023-2236A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nBoth io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.\n\n7.8https://nvd.nist.gov/vuln/detail/CVE-2023-2236
CVE-2022-25713Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25713
CVE-2022-33281Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-33281
CVE-2022-33292Memory corruption in Qualcomm IPC due to use after free while receiving the incoming packet and reposting it.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-33292
CVE-2023-21642Memory corruption in HAB Memory management due to broad system privileges via physical address.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-21642
CVE-2023-28070\nAlienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation.\n\n7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28070
CVE-2023-27999An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27999
CVE-2023-30986A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3), Solid Edge SE2023 (All versions < VX.223.0 Update 2). Affected applications contain a memory corruption vulnerability while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19561)7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30986
CVE-2023-24902Win32k Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-24902
CVE-2023-24905Remote Desktop Client Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-24905
CVE-2023-24946Windows Backup Service Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-24946
CVE-2023-24949Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-24949
CVE-2023-24953Microsoft Excel Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-24953
CVE-2023-29336Win32k Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-29336
CVE-2023-29340AV1 Video Extension Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-29340
CVE-2023-29341AV1 Video Extension Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-29341
CVE-2023-29343SysInternals Sysmon for Windows Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-29343
CVE-2015-20107In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.97.6https://nvd.nist.gov/vuln/detail/CVE-2015-20107
CVE-2017-9946A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-9946
CVE-2018-16556A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via\r\nPROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected\r\ndevices to go into defect mode. Manual reboot is required to resume normal\r\noperation.\r\n\r\nSuccessful exploitation requires an attacker to be able to send specially\r\ncrafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi\r\nPoint Interfaces (MPI). No user interaction and no user privileges are\r\nrequired to exploit the security vulnerability. The vulnerability could allow\r\ncausing a denial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-16556
CVE-2019-10923A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC NET CP 1604, SIMATIC NET CP 1616, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SIMOTION, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 Control Unit, SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-10923
CVE-2019-10936A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC PN/PN Coupler, SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS NET PN/PN Coupler, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. Affected devices improperly handle large amounts of specially crafted UDP packets.\r\n\r\nThis could allow an unauthenticated remote attacker to trigger a denial of service condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-10936
CVE-2021-38385Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-38385
CVE-2022-0391A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0391
CVE-2022-26498An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26498
CVE-2022-1620NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-1620
CVE-2022-31805In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2022-31805
CVE-2022-31212An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-31212
CVE-2022-31213An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-31213
CVE-2022-33903Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-33903
CVE-2022-34169The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34169
CVE-2022-34568SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34568
CVE-2022-22728A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-22728
CVE-2022-3705A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-3705
CVE-2022-45061An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45061
CVE-2021-46854mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46854
CVE-2021-40365A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN, SIMATIC S7-1500 CPU 1510SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512SP F-1 PN, SIMATIC S7-1500 CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516T-3 PN/DP, SIMATIC S7-1500 CPU 1516TF-3 PN/DP, SIMATIC S7-1500 CPU 1517-3 PN/DP, SIMATIC S7-1500 CPU 1517F-3 PN/DP, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN/DP, SIMATIC S7-1500 CPU 1517TF-3 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518F-4 PN/DP, SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-4 PN/DP, SIMATIC S7-1500 CPU 1518TF-4 PN/DP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN, SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN RAIL, SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL, SIPLUS S7-1500 CPU 1515R-2 PN, SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1517H-3 PN, SIPLUS S7-1500 CPU 1518-4 PN/DP, SIPLUS S7-1500 CPU 1518-4 PN/DP MFP, SIPLUS S7-1500 CPU 1518F-4 PN/DP, SIPLUS S7-1500 CPU 1518HF-4 PN, SIPLUS TIM 1531 IRC, TIM 1531 IRC. Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40365
CVE-2022-45197Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45197
CVE-2022-4379A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial7.5https://nvd.nist.gov/vuln/detail/CVE-2022-4379
CVE-2022-4743A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-4743
CVE-2022-38725An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-38725
CVE-2022-3116The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-3116
CVE-2023-20860Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-20860
CVE-2022-43716A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-43716
CVE-2022-43767A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-43767
CVE-2022-43768A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-43768
CVE-2023-28766A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service.\r\nAn unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28766
CVE-2023-26964An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26964
CVE-2023-29197guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\\n) into both the header names and values. While the specification states that \\r\\n\\r\\n is used to terminate the header list, many servers in the wild will also accept \\n\\n. This is a follow-up to CVE-2022-24775 where the fix was incomplete. The issue has been patched in versions 1.9.1 and 2.4.5. There are no known workarounds for this vulnerability. Users are advised to upgrade.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-29197
CVE-2021-38363An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in memory) forever. Deletion is possible neither by a user nor by the intermittent Intent Cleanup process.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-38363
CVE-2022-24035An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In combination with other applications, it could lead to a failure of network management.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24035
CVE-2022-29605An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of an intent into an OpenFlow 1.0 switch that does not support IPv6. Improper handling of the difference in capabilities of the intent and switch is misleading to a network operator.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-29605
CVE-2022-29607An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without any flow rule. Improper handling of such an intent is misleading to a network operator.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-29607
CVE-2022-29608An issue was discovered in ONOS 2.5.1. An intent with a port that is an intermediate point of its path installs an invalid flow rule, causing a network loop.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-29608
CVE-2021-33589Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33589
CVE-2023-26101In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user with access to Flowmon Packet Investigator could leverage a path-traversal vulnerability to retrieve files on the Flowmon appliance's local filesystem.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26101
CVE-2023-2140A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 \n\ncould allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-2140
CVE-2023-24818RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception resulting in denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24818
CVE-2023-24820RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset. Thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patch manually.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24820
CVE-2023-29480Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-29480
CVE-2023-2251Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-2251
CVE-2023-24821RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset, thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24821
CVE-2023-24822RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. The NULL pointer dereference causes a hard fault exception, leading to denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patches manually.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24822
CVE-2023-22915A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-22915
CVE-2023-22917A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-22917
CVE-2023-29780Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-29780
CVE-2023-30629Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30629
CVE-2023-29779Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious command, the device will keep reporting its status and finally drain its battery after receiving the 'Set_short_poll_interval' command.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-29779
CVE-2023-29552The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-29552
CVE-2023-28847Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior to 24.0.11 and 25.0.0 prior to 25.0.5; as well as Nextcloud Server Enterprise 23.0.0 prior to 23.0.12.6, 24.0.0 prior to 24.0.11, and 25.0.0 prior to 25.0.5; an attacker is not restricted in verifying passwords of share links so they can just start brute forcing the password. Nextcloud Server 24.0.11 and 25.0.5 and Nextcloud Enterprise Server 23.0.12.6, 24.0.11, and 25.0.5 contain a fix for this issue. No known workarounds are available.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28847
CVE-2023-23837No exception handling vulnerability which revealed sensitive or excessive information to users.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-23837
CVE-2021-23178Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-23178
CVE-2021-23203Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-23203
CVE-2023-25652Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25652
CVE-2023-0045The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall.  The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.\n\nWe recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-0045
CVE-2023-2273Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-2273
CVE-2022-25273Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25273
CVE-2022-25275In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25275
CVE-2023-1387Grafana is an open-source platform for monitoring and observability. \n\nStarting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. \n\nBy enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-1387
CVE-2023-30112Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30112
CVE-2022-27978Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27978
CVE-2022-44232libming 0.4.8 0.4.8 is vulnerable to Buffer Overflow. In getInt() in decompile.c unknown type may lead to denial of service. This is a different vulnerability than CVE-2018-9132 and CVE-2018-20427.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-44232
CVE-2023-30546Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System (CFS) backend for the storage of data (file os/storage/antelope/storage-cfs.c). In the functions `storage_get_index` and `storage_put_index`, a buffer for merging two strings is allocated with one byte less than the maximum size of the merged strings, causing subsequent function calls to the cfs_open function to read from memory beyond the buffer size. The vulnerability has been patched in the "develop" branch of Contiki-NG, and is expected to be included in the next release. As a workaround, the problem can be fixed by applying the patch in Contiki-NG pull request #2425.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30546
CVE-2022-45456Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45456
CVE-2023-27559IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-27559
CVE-2023-30846typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with `BasicCredentialHandler`, `BearerCredentialHandler` or `PersonalAccessTokenCredentialHandler`. Second, the target host may return a redirection (3xx), with a link to a second host. Third, the next request will use the credentials to authenticate with the second host, by setting the `Authorization` header. The expected behavior is that the next request will *NOT* set the `Authorization` header. The problem was fixed in version 1.8.0. There are no known workarounds.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30846
CVE-2023-28770The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28770
CVE-2023-29255IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-29255
CVE-2023-2335\nPlaintext Password in Registry\n\n vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve \n\nAdmin user credentials\n\nThis issue affects surelock windows: from 2.3.12 through 2.40.0.\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-2335
CVE-2023-30380An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30380
CVE-2023-2356Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-2356
CVE-2023-27556IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling which could allow a remote attacker to cause a denial of service. IBM X-Force ID: 249190.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-27556
CVE-2023-27557IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-27557
CVE-2023-28882Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28882
CVE-2023-2360Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-2360
CVE-2022-41398The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-41398
CVE-2022-41399The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-41399
CVE-2023-2379A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227655.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-2379
CVE-2023-27555IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-27555
CVE-2023-30455An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without throwing an error. When this many IDs are supplied, the server takes around 60 seconds to respond and successfully generate the expected ZIP archive (during this time period, no other pages load). A threat actor could issue a request to this endpoint with 100+ statement IDs every 30 seconds, potentially resulting in an overload of the server for all users.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30455
CVE-2023-1968\nInstruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications. \n\n\n\n\n\n\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-1968
CVE-2023-26021IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26021
CVE-2023-26022IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26022
CVE-2023-30858The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the `replace`, `unemojify`, or `strip` functions.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30858
CVE-2023-31444In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-31444
CVE-2023-31483tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-31483
CVE-2023-30441IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30441
CVE-2023-30061D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30061
CVE-2023-30063D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30063
CVE-2022-48186A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-48186
CVE-2023-22921A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-22921
CVE-2023-22922A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable device.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-22922
CVE-2023-27035An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-27035
CVE-2022-33304Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-33304
CVE-2022-33305Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-33305
CVE-2022-34144Transient DOS due to reachable assertion in Modem during OSI decode scheduling.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34144
CVE-2022-40505Information disclosure due to buffer over-read in Modem while parsing DNS hostname.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-40505
CVE-2022-40508Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-40508
CVE-2023-1809The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-1809
CVE-2023-2473A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227860.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-2473
CVE-2022-30995Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-30995
CVE-2023-27378\nMultiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-27378
CVE-2023-29163\nWhen UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-29163
CVE-2017-20184Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-20184
CVE-2023-29350Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-29350
CVE-2023-24898Windows SMB Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24898
CVE-2023-24901Windows NFS Portmapper Information Disclosure Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24901
CVE-2023-24939Server for NFS Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24939
CVE-2023-24940Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24940
CVE-2023-24942Remote Procedure Call Runtime Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24942
CVE-2023-29335Microsoft Word Security Feature Bypass Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-29335
CVE-2021-25217In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.7.4https://nvd.nist.gov/vuln/detail/CVE-2021-25217
CVE-2023-24461\nAn improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.7.4https://nvd.nist.gov/vuln/detail/CVE-2023-24461
CVE-2023-24948Windows Bluetooth Driver Elevation of Privilege Vulnerability7.4https://nvd.nist.gov/vuln/detail/CVE-2023-24948
CVE-2023-26293A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution.7.3https://nvd.nist.gov/vuln/detail/CVE-2023-26293
CVE-2023-1731In LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.\n7.2https://nvd.nist.gov/vuln/detail/CVE-2023-1731
CVE-2023-22914A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-22914
CVE-2023-2259Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-2259
CVE-2022-45291PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endpoints. A contributing factor is a hardcoded login password of support, which is not documented. (This is not the same as the documented setup password, which is 12345.) The issue was fixed in late 2022.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-45291
CVE-2022-36769\nIBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.\n\n7.2https://nvd.nist.gov/vuln/detail/CVE-2022-36769
CVE-2023-29257IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-29257
CVE-2022-25277Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-25277
CVE-2023-2419A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file \\crmeb\\app\\services\\system\\attachment\\SystemAttachmentServices.php. The manipulation of the argument filename leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227716.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-2419
CVE-2023-0924The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-0924
CVE-2023-1669The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-1669
CVE-2023-28742\nWhen DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh.\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-28742
CVE-2023-28832A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The web based management of affected devices does not properly validate user input, making it susceptible to command injection. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-28832
CVE-2023-24955Microsoft SharePoint Server Remote Code Execution Vulnerability7.2https://nvd.nist.gov/vuln/detail/CVE-2023-24955
CVE-2019-13939A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions < V3.5.3), APOGEE PXC Series (P2) (All versions >= V2.8.2 and < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC100-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC12-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC36.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC50-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch "Nucleus 2017.02.02 Nucleus NET Patch"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Series (BACnet) (All versions < V3.5.3), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. The vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack.7.1https://nvd.nist.gov/vuln/detail/CVE-2019-13939
CVE-2022-2287Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-2287
CVE-2022-47092GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow vulnerability in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:83167.1https://nvd.nist.gov/vuln/detail/CVE-2022-47092
CVE-2023-26099An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consultation permission is insecure.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-26099
CVE-2023-28089An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules7.1https://nvd.nist.gov/vuln/detail/CVE-2023-28089
CVE-2022-31647Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-31647
CVE-2022-34292Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-34292
CVE-2023-2460Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)7.1https://nvd.nist.gov/vuln/detail/CVE-2023-2460
CVE-2023-28724\nNGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager.  \n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n7.1https://nvd.nist.gov/vuln/detail/CVE-2023-28724
CVE-2023-24904Windows Installer Elevation of Privilege Vulnerability7.1https://nvd.nist.gov/vuln/detail/CVE-2023-24904
CVE-2023-28466do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).7https://nvd.nist.gov/vuln/detail/CVE-2023-28466
CVE-2023-1989A use-after-free flaw was found in btsdio_remove in drivers\\bluetooth\\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.7https://nvd.nist.gov/vuln/detail/CVE-2023-1989
CVE-2023-1872A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation.\n\nThe io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered.\n\nWe recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.\n\n7https://nvd.nist.gov/vuln/detail/CVE-2023-1872
CVE-2023-2006A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.7https://nvd.nist.gov/vuln/detail/CVE-2023-2006
CVE-2023-24899Windows Graphics Component Elevation of Privilege Vulnerability7https://nvd.nist.gov/vuln/detail/CVE-2023-24899
CVE-2023-1079A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.6.8https://nvd.nist.gov/vuln/detail/CVE-2023-1079
CVE-2023-2228Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0.6.8https://nvd.nist.gov/vuln/detail/CVE-2023-2228
CVE-2021-44476A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files.6.8https://nvd.nist.gov/vuln/detail/CVE-2021-44476
CVE-2023-25832There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions. 6.8https://nvd.nist.gov/vuln/detail/CVE-2023-25832
CVE-2022-35868A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server  (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-35868
CVE-2023-2194An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-2194
CVE-2023-24932Secure Boot Security Feature Bypass Vulnerability6.7https://nvd.nist.gov/vuln/detail/CVE-2023-24932
CVE-2022-41115Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability.6.6https://nvd.nist.gov/vuln/detail/CVE-2022-41115
CVE-2023-1073A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.6.6https://nvd.nist.gov/vuln/detail/CVE-2023-1073
CVE-2018-4843A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (All versions < V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.16), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX 2010 (All versions < V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions < V2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a denial of service condition of the requesting system.\r\n\r\nThe security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system.6.5https://nvd.nist.gov/vuln/detail/CVE-2018-4843
CVE-2021-28363The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-28363
CVE-2022-0108Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0108
CVE-2022-2928In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2928
CVE-2022-2929In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2929
CVE-2022-42010An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-42010
CVE-2022-42011An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-42011
CVE-2022-42012An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-42012
CVE-2022-3957A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-3957
CVE-2022-4187Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2022-4187
CVE-2022-3643Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-3643
CVE-2022-46875The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-46875
CVE-2022-46880A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-46880
CVE-2023-0130Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0130
CVE-2023-0131Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0131
CVE-2023-0132Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0132
CVE-2023-0133Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0133
CVE-2023-0139Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0139
CVE-2023-0140Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0140
CVE-2023-23589The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-23589
CVE-2023-21719Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-21719
CVE-2023-24857Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-24857
CVE-2023-30456An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-30456
CVE-2023-22950An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsql_server, created by any user with designer permissions, can read sensitive data from arbitrary locations.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-22950
CVE-2021-38364An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently modify or delete the existing flow rules related to other intents.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-38364
CVE-2022-24109An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, and then remove the duplicate one. This will remove the flow rules of the intent, even though the intent still exists in the controller.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-24109
CVE-2023-28459pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-28459
CVE-2023-27353This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msprox endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19846.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-27353
CVE-2023-27354This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before reading from memory. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19727.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-27354
CVE-2023-29020@fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forger) protection enforced by the `@fastify/csrf-protection` library, when combined with `@fastify/passport` in affected versions, can be bypassed by network and same-site attackers. `fastify/csrf-protection` implements the synchronizer token pattern (using plugins `@fastify/session` and `@fastify/secure-session`) by storing a random value used for CSRF token generation in the `_csrf` attribute of a user's session. The `@fastify/passport` library does not clear the session object upon authentication, preserving the `_csrf` attribute between pre-login and authenticated sessions. Consequently, CSRF tokens generated before authentication are still valid. Network and same-site attackers can thus obtain a CSRF token for their pre-session, fixate that pre-session in the victim's browser via cookie tossing, and then perform a CSRF attack after the victim authenticates. As a solution, newer versions of `@fastify/passport` include the configuration options: `clearSessionOnLogin (default: true)` and `clearSessionIgnoreFields (default: ['passport', 'session'])` to clear all the session attributes by default, preserving those explicitly defined in `clearSessionIgnoreFields`.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-29020
CVE-2023-22918A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-22918
CVE-2023-1623The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1623
CVE-2023-1624The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1624
CVE-2023-29530Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value, can cause an invalid message. This can lead to denial of service vectors or application errors. The problem has been patched in following versions 2.18.1, 2.19.1, 2.20.1, 2.21.1, 2.22.1, 2.23.1, 2.24.1, and 2.25.1. As a workaround, validate HTTP header keys and/or values, and if using user-supplied values, filter them to strip off leading or trailing newline characters before calling `withHeader()`.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-29530
CVE-2023-28484In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-28484
CVE-2023-29469An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).6.5https://nvd.nist.gov/vuln/detail/CVE-2023-29469
CVE-2023-26057An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-26057
CVE-2023-26058An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-26058
CVE-2023-23838Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-23838
CVE-2023-29200Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao 4.9.40, 4.13.21 or 5.1.4 to receive a patch. There are no known workarounds.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-29200
CVE-2023-30545PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives the user access to critical information. A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-30545
CVE-2021-23176Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting information via crafted RPC packets.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-23176
CVE-2022-40723The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-40723
CVE-2023-2282Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector.\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2282
CVE-2023-23839The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-23839
CVE-2023-24512On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision6.5https://nvd.nist.gov/vuln/detail/CVE-2023-24512
CVE-2023-26560Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-26560
CVE-2023-30265CLTPHP <=6.0 is vulnerable to Directory Traversal.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-30265
CVE-2022-25278Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-25278
CVE-2023-2307Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2307
CVE-2023-31250The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-31250
CVE-2023-30843Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a workaround, write a `beforeOperation` hook to remove `where` queries that attempt to access hidden field data.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-30843
CVE-2023-2336Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2336
CVE-2023-30444IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-30444
CVE-2023-2380A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227658 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2380
CVE-2023-26782An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-26782
CVE-2023-29058A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-29058
CVE-2023-2408A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. Affected by this issue is some unknown functionality of the file services/view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227702 is the identifier assigned to this vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2408
CVE-2023-2409A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. This affects an unknown part of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227703.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2409
CVE-2023-2410A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/bookings/view_booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227704.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2410
CVE-2023-2411A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227705 was assigned to this vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2411
CVE-2023-2412A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227706 is the identifier assigned to this vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2412
CVE-2023-2413A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookings/manage_booking.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227707.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2413
CVE-2023-22923A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions on an affected device.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-22923
CVE-2023-26987An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-26987
CVE-2023-1125The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1125
CVE-2023-2459Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2459
CVE-2023-0485An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible that a project member demoted to a user role to read project updates by doing a diff with a pre-existing fork.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0485
CVE-2023-1965An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1965
CVE-2023-24944Windows Bluetooth Driver Information Disclosure Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-24944
CVE-2023-24950Microsoft SharePoint Server Spoofing Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-24950
CVE-2023-24954Microsoft SharePoint Server Information Disclosure Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-24954
CVE-2023-29324Windows MSHTML Platform Security Feature Bypass Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-29324
CVE-2023-30772The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.6.4https://nvd.nist.gov/vuln/detail/CVE-2023-30772
CVE-2023-1611A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea6.3https://nvd.nist.gov/vuln/detail/CVE-2023-1611
CVE-2023-1855A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.6.3https://nvd.nist.gov/vuln/detail/CVE-2023-1855
CVE-2023-29002Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode.6.3https://nvd.nist.gov/vuln/detail/CVE-2023-29002
CVE-2022-38730Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\\dataRoot\\network\\files\\local-kv.db because of a TOCTOU race condition.6.3https://nvd.nist.gov/vuln/detail/CVE-2022-38730
CVE-2021-3654A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-3654
CVE-2022-25772A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript6.1https://nvd.nist.gov/vuln/detail/CVE-2022-25772
CVE-2023-26100In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the context of a Flowmon user's web browser.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-26100
CVE-2023-2220A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-2220
CVE-2022-48150Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-48150
CVE-2023-26494lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume they were redirected to the homepage on login. Version 3.24.1 contains a fix.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-26494
CVE-2012-10013A vulnerability was found in Kau-Boy Backend Localization Plugin up to 1.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the file backend_localization.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 43dc96defd7944da12ff116476a6890acd7dd24b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227231.6.1https://nvd.nist.gov/vuln/detail/CVE-2012-10013
CVE-2012-10014A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress. Affected is the function backend_localization_admin_settings/backend_localization_save_setting/backend_localization_login_form/localize_backend of the file backend_localization.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 36f457ee16dd114e510fd91a3ea9fbb3c1f87184. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227232.6.1https://nvd.nist.gov/vuln/detail/CVE-2012-10014
CVE-2022-28354In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-28354
CVE-2023-25314Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-25314
CVE-2023-30177CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-30177
CVE-2021-26263Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-26263
CVE-2021-26947Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via a crafted link.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-26947
CVE-2021-44775Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-44775
CVE-2021-45071Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-45071
CVE-2022-40725PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-40725
CVE-2012-5873ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action.6.1https://nvd.nist.gov/vuln/detail/CVE-2012-5873
CVE-2023-30106Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-30106
CVE-2023-30111Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS).6.1https://nvd.nist.gov/vuln/detail/CVE-2023-30111
CVE-2023-2294A vulnerability was found in UCMS 1.6.0. It has been classified as problematic. This affects an unknown part of the file saddpost.php of the component Column Configuration. The manipulation of the argument strorder leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227481 was assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-2294
CVE-2023-30267CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-30267
CVE-2022-25276The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-25276
CVE-2023-22729Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-22729
CVE-2023-30210OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-30210
CVE-2023-30212OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-30212
CVE-2023-29836Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-29836
CVE-2023-29442Zoho ManageEngine Applications Manager through 16390 allows DOM XSS.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-29442
CVE-2023-25292Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-25292
CVE-2023-31285An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload .html or .htm files containing an XSS payload. The resulting link can be sent to an administrator user.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-31285
CVE-2023-24966IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-24966
CVE-2023-2341Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-2341
CVE-2023-28286Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability6.1https://nvd.nist.gov/vuln/detail/CVE-2023-28286
CVE-2023-29489An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-29489
CVE-2023-28475Concrete CMS (previously concrete5) before 9.2 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-28475
CVE-2023-30125EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS).6.1https://nvd.nist.gov/vuln/detail/CVE-2023-30125
CVE-2023-30454An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be passed to an eval() function and executed upon pressing the continue button.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-30454
CVE-2020-21643Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-21643
CVE-2020-23647Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-23647
CVE-2023-2395A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the component Web Management Interface. The manipulation of the argument Login.userAgent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227673 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-2395
CVE-2023-2396A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument USERDBUsers.Password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-2396
CVE-2023-2421A vulnerability classified as problematic has been found in Control iD RHiD 23.3.19.0. Affected is an unknown function of the file /v2/#/add/department. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-227718 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-2421
CVE-2023-30792Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript\: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-30792
CVE-2015-10104A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 63124c021ae24b68e56872530df26eb4268ad633. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227756.6.1https://nvd.nist.gov/vuln/detail/CVE-2015-10104
CVE-2023-29637Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows attackers to inject arbitrary web script or HTML via editing the article content in the "article editor" page.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-29637
CVE-2023-29641Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-29641
CVE-2013-10026A vulnerability, which was classified as problematic, has been found in Mail Subscribe List Plugin up to 2.0.10 on WordPress. This issue affects some unknown processing of the file index.php. The manipulation of the argument sml_name/sml_email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.1 is able to address this issue. The name of the patch is 484970ef8285cae51d2de3bd4e4684d33c956c28. It is recommended to upgrade the affected component. The identifier VDB-227765 was assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2013-10026
CVE-2014-125100A vulnerability classified as problematic was found in BestWebSoft Job Board Plugin 1.0.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is dbb71deee071422ce3e663fbcdce3ad24886f940. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227764.6.1https://nvd.nist.gov/vuln/detail/CVE-2014-125100
CVE-2023-1546The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1546
CVE-2023-1804The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1804
CVE-2023-1805The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1805
CVE-2023-2477A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227869 was assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-2477
CVE-2023-23830Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-23830
CVE-2023-25961Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Themes Darcie theme <= 1.1.5 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-25961
CVE-2023-25829There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-25829
CVE-2023-25830There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-25830
CVE-2023-25831There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-25831
CVE-2023-20870VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.6https://nvd.nist.gov/vuln/detail/CVE-2023-20870
CVE-2023-29104A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to overwrite any file the Linux user `ccuser` has write access to, or to download any file the Linux user `ccuser` has read-only access to.6https://nvd.nist.gov/vuln/detail/CVE-2023-29104
CVE-2023-28828A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-28828
CVE-2023-25930IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-25930
CVE-2023-29056A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-29056
CVE-2023-31485GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-31485
CVE-2023-2418A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The associated identifier of this vulnerability is VDB-227715.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-2418
CVE-2023-22372\nIn the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-22372
CVE-2023-29105A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device is vulnerable to a denial of service while parsing a random (non-JSON) MQTT payload. This could allow an attacker who can manipulate the communication between the MQTT broker and the affected device to cause a denial of service (DoS).5.9https://nvd.nist.gov/vuln/detail/CVE-2023-29105
CVE-2023-24900Windows NTLM Security Support Provider Information Disclosure Vulnerability5.9https://nvd.nist.gov/vuln/detail/CVE-2023-24900
CVE-2022-40722A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA.5.8https://nvd.nist.gov/vuln/detail/CVE-2022-40722
CVE-2023-29680Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.5.7https://nvd.nist.gov/vuln/detail/CVE-2023-29680
CVE-2023-29681Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.5.7https://nvd.nist.gov/vuln/detail/CVE-2023-29681
CVE-2023-1178An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit.5.7https://nvd.nist.gov/vuln/detail/CVE-2023-1178
CVE-2023-1998The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line.\n\nThis happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.\n\n\n5.6https://nvd.nist.gov/vuln/detail/CVE-2023-1998
CVE-2020-23930An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-23930
CVE-2021-37231A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of the missing boundary check.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-37231
CVE-2021-32269An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-32269
CVE-2021-32270An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-32270
CVE-2021-44647Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-44647
CVE-2022-24249A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-24249
CVE-2022-27145GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-27145
CVE-2022-27146GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-27146
CVE-2022-27147GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-27147
CVE-2022-27148GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-27148
CVE-2022-1420Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-1420
CVE-2022-1674NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-1674
CVE-2022-1771Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-1771
CVE-2022-2208NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-2208
CVE-2022-2231NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-2231
CVE-2022-36191A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-36191
CVE-2022-2874NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-2874
CVE-2022-2873An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-2873
CVE-2022-2923NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-2923
CVE-2021-3997A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3997
CVE-2022-2980NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-2980
CVE-2022-3153NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-3153
CVE-2022-36280An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).5.5https://nvd.nist.gov/vuln/detail/CVE-2022-36280
CVE-2022-41218In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-41218
CVE-2022-3278NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-3278
CVE-2022-1725NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-1725
CVE-2022-43039GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-43039
CVE-2022-43043GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-43043
CVE-2022-43044GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-43044
CVE-2022-43045GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-43045
CVE-2022-43254GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-43254
CVE-2022-43255GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-43255
CVE-2022-3821An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-3821
CVE-2022-4129A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-4129
CVE-2022-45204GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-45204
CVE-2022-4293Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-4293
CVE-2021-44694A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN, SIMATIC S7-1500 CPU 1510SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512SP F-1 PN, SIMATIC S7-1500 CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516T-3 PN/DP, SIMATIC S7-1500 CPU 1516TF-3 PN/DP, SIMATIC S7-1500 CPU 1517-3 PN/DP, SIMATIC S7-1500 CPU 1517F-3 PN/DP, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN/DP, SIMATIC S7-1500 CPU 1517TF-3 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518F-4 PN/DP, SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-4 PN/DP, SIMATIC S7-1500 CPU 1518TF-4 PN/DP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN, SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN RAIL, SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL, SIPLUS S7-1500 CPU 1515R-2 PN, SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1517H-3 PN, SIPLUS S7-1500 CPU 1518-4 PN/DP, SIPLUS S7-1500 CPU 1518-4 PN/DP MFP, SIPLUS S7-1500 CPU 1518F-4 PN/DP, SIPLUS S7-1500 CPU 1518HF-4 PN, SIPLUS TIM 1531 IRC, TIM 1531 IRC. Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-44694
CVE-2022-46489GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-46489
CVE-2022-46490GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-46490
CVE-2022-47086GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c5.5https://nvd.nist.gov/vuln/detail/CVE-2022-47086
CVE-2022-47662GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:6625.5https://nvd.nist.gov/vuln/detail/CVE-2022-47662
CVE-2023-23454cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23454
CVE-2023-23455atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23455
CVE-2022-47929In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-47929
CVE-2023-0394A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-0394
CVE-2023-22998In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).5.5https://nvd.nist.gov/vuln/detail/CVE-2023-22998
CVE-2023-23004In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23004
CVE-2022-3707A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-3707
CVE-2023-1074A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-1074
CVE-2023-1076A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-1076
CVE-2022-46703A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. An app may be able to read sensitive location information5.5https://nvd.nist.gov/vuln/detail/CVE-2022-46703
CVE-2023-2162A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-2162
CVE-2021-3429When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3429
CVE-2023-28328A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28328
CVE-2023-29579yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-29579
CVE-2023-29582yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-29582
CVE-2023-29583yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-29583
CVE-2023-26097An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-26097
CVE-2023-30406Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30406
CVE-2023-30408Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30408
CVE-2023-30410Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecma_op_function_construct at /operations/ecma-function-object.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30410
CVE-2023-30414Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30414
CVE-2023-30402YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30402
CVE-2023-28086An HPE OneView appliance dump may expose proxy credential settings5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28086
CVE-2023-28087An HPE OneView appliance dump may expose OneView user accounts5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28087
CVE-2023-28090An HPE OneView appliance dump may expose SNMPv3 read credentials5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28090
CVE-2023-28084HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28084
CVE-2023-2269A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-2269
CVE-2023-26930Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-26930
CVE-2023-26931Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the TextOutputDev.cc function.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-26931
CVE-2023-26934An issue found in XPDF v.4.04 allows an attacker to cause a denial of service via a crafted pdf file in the object.cc parameter.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-26934
CVE-2023-26935Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via SharedFile::readBlock at /xpdf/Stream.cc.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-26935
CVE-2023-26936Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via gmalloc in gmem.cc5.5https://nvd.nist.gov/vuln/detail/CVE-2023-26936
CVE-2023-26937Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via GString::resize located in goo/GString.cc5.5https://nvd.nist.gov/vuln/detail/CVE-2023-26937
CVE-2023-26938Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service viaSharedFile::readBlock located in goo/gfile.cc.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-26938
CVE-2023-30841Baremetal Operator (BMO) is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included `deploy.sh` store their `.htpasswd` files as ConfigMaps instead of Secrets. This causes the plain-text username and hashed password to be readable by anyone having a cluster-wide read-access to the management cluster, or access to the management cluster's Etcd storage. This issue is patched in baremetal-operator PR#1241, and is included in BMO release 0.3.0 onwards. As a workaround, users may modify the kustomizations and redeploy the BMO, or recreate the required ConfigMaps as Secrets per instructions in baremetal-operator PR#1241.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30841
CVE-2022-45876Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.\n\n5.5https://nvd.nist.gov/vuln/detail/CVE-2022-45876
CVE-2023-1786Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-1786
CVE-2023-29950swfrender v0.9.2 was discovered to contain a heap buffer overflow in the function enumerateUsedIDs_fillstyle at modules/swftools.c5.5https://nvd.nist.gov/vuln/detail/CVE-2023-29950
CVE-2023-29471Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-29471
CVE-2023-2426Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-2426
CVE-2022-33273Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-33273
CVE-2023-31207Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-31207
CVE-2023-24945Windows iSCSI Target Service Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-24945
CVE-2023-28251Windows Driver Revocation List Security Feature Bypass Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28251
CVE-2020-26298Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-26298
CVE-2022-26497BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-26497
CVE-2023-26061An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-26061
CVE-2023-26059An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-26059
CVE-2023-0276The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-0276
CVE-2023-0418The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks5.4https://nvd.nist.gov/vuln/detail/CVE-2023-0418
CVE-2023-0424The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks5.4https://nvd.nist.gov/vuln/detail/CVE-2023-0424
CVE-2023-30627jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the `REST` endpoints with admin privileges. When combined with CVE-2023-30626, this results in remote code execution on the Jellyfin instance in the context of the user who's running it. This issue is patched in version 10.8.10. There are no known workarounds.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-30627
CVE-2023-22665There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-22665
CVE-2023-30417A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-30417
CVE-2023-31223Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-31223
CVE-2022-25274Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-25274
CVE-2022-27979A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-27979
CVE-2023-2322Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2322
CVE-2023-2323Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2323
CVE-2023-2327Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2327
CVE-2023-2328Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2328
CVE-2023-2339Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2339
CVE-2023-2340Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2340
CVE-2023-2342Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2342
CVE-2023-2343Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2343
CVE-2023-30338Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article Summary parameters.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-30338
CVE-2023-2349A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227592.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2349
CVE-2023-2350A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227593 was assigned to this vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2350
CVE-2023-2361Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2361
CVE-2023-2364A vulnerability, which was classified as problematic, was found in SourceCodester Resort Reservation System 1.0. Affected is an unknown function of the file registration.php. The manipulation of the argument fullname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227640.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2364
CVE-2023-28471Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-28471
CVE-2023-28474Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Saved Presets on search.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-28474
CVE-2023-28476Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Tags on uploaded files.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-28476
CVE-2023-28477Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on API Integrations via the name parameter.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-28477
CVE-2023-28819Concrete CMS (previously concrete5) before 9.1 is vulnerable to Stored XSS in uploaded file and folder names.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-28819
CVE-2023-28820Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-28820
CVE-2023-30123wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-30123
CVE-2023-27864IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 249327.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-27864
CVE-2023-30405A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the wl_ssid parameter at /boafrm/formHomeWlanSetup.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-30405
CVE-2022-43871IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239707.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-43871
CVE-2023-2428Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2428
CVE-2022-45801Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability.\nLDAP Injection is an attack used to exploit web based applications\nthat construct LDAP statements based on user input. When an\napplication fails to properly sanitize user input, it's possible to\nmodify LDAP statements through techniques similar to SQL Injection.\nLDAP injection attacks could result in the granting of permissions to\nunauthorized queries, and content modification inside the LDAP tree.\nThis risk may only occur when the user logs in with ldap, and the user\nname and password login will not be affected, Users of the affected\nversions should upgrade to Apache StreamPark 2.0.0 or later.\n\n\n\n\n\n\n5.4https://nvd.nist.gov/vuln/detail/CVE-2022-45801
CVE-2023-29636Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-29636
CVE-2023-29639Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-29639
CVE-2023-29643Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-29643
CVE-2023-0891The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-0891
CVE-2023-1861The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks5.4https://nvd.nist.gov/vuln/detail/CVE-2023-1861
CVE-2023-2000Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website\n5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2000
CVE-2023-2475A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument ?? leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-227867.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2475
CVE-2023-2476A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument ????/???? leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-227868.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2476
CVE-2023-29918RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-29918
CVE-2022-47877A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-47877
CVE-2023-29839A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-29839
CVE-2023-22713Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress Download Manager Gutenberg Blocks by WordPress Download Manager plugin <= 2.1.8 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-22713
CVE-2023-25798Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Olevmedia Olevmedia Shortcodes plugin <= 1.1.9 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-25798
CVE-2023-23708Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.4 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-23708
CVE-2023-23820Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-23820
CVE-2023-23874Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin <= 3.0.32 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-23874
CVE-2023-23876Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin <= 2.1.49 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-23876
CVE-2023-29240\nAn authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-29240
CVE-2023-0155An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown5.4https://nvd.nist.gov/vuln/detail/CVE-2023-0155
CVE-2023-1836A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances5.4https://nvd.nist.gov/vuln/detail/CVE-2023-1836
CVE-2023-27075A cross-site scripting vulnerability (XSS) in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-27075
CVE-2022-45818Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate plugin <= 1.3.4 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-45818
CVE-2023-25982Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Eirudo Simple YouTube Responsive plugin <= 2.5 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-25982
CVE-2017-9947A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.5.3https://nvd.nist.gov/vuln/detail/CVE-2017-9947
CVE-2022-45044A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions < V9.50), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.50), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.50), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.50), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.50), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.50), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.50), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions < V9.50), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.50), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.50), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.50), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.50), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.50), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions < V9.50), SIPROTEC 5 7SX85 (CP300) (All versions < V9.50), SIPROTEC 5 7UM85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.50), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.50), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.50), SIPROTEC 5 7VE85 (CP300) (All versions < V9.50), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.50), SIPROTEC 5 7VU85 (CP300) (All versions < V9.50), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions installed on CP100 and CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions installed on CP100 and CP200 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.50), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.50). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-45044
CVE-2022-29609An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing. Improper handling of such an intent is misleading to a network operator.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-29609
CVE-2022-29944An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of paths installed by intents. An existing intents does not redirect to a new path, even if a new intent that shares the path with higher priority is installed.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-29944
CVE-2023-2226Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. \n\nFor this attack to succeed, the attacker needs to be able to introduce malicious files to the system at the same time that Velociraptor attempts to collect any artifacts that attempt to parse PE files, Authenticode signatures, or OLE files. After crashing, the Velociraptor service will restart and it will still be possible to collect other artifacts.\n\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-2226
CVE-2023-29479Ribose RNP before 0.16.3 may hang when the input is malformed.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-29479
CVE-2022-40482The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\\Auth\\SessionGuard class when a user is found to not exist.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-40482
CVE-2023-31286An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-31286
CVE-2023-27860IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-27860
CVE-2022-25091Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-25091
CVE-2020-4729IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the application to crash. IBM X-Force ID: 188052.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-4729
CVE-2023-28472Concrete CMS (previously concrete5) before 9.2 does not have Secure and HTTP only attributes set for ccmPoll cookies.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-28472
CVE-2023-28821Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-28821
CVE-2023-22503Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature.\r\n\r\nThis vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team.\r\n\r\nThe affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-22503
CVE-2023-27108An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allows an attacker to send the user's call logs to a remote server via XMLHttpRequest or Fetch.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-27108
CVE-2023-2247In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function5.3https://nvd.nist.gov/vuln/detail/CVE-2023-2247
CVE-2023-24594\nWhen an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization.  \n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-24594
CVE-2023-29106A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-29106
CVE-2023-29107A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-29107
CVE-2023-28290Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability5.3https://nvd.nist.gov/vuln/detail/CVE-2023-28290
CVE-2023-29772A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request.5.2https://nvd.nist.gov/vuln/detail/CVE-2023-29772
CVE-2023-29338Visual Studio Code Information Disclosure Vulnerability5https://nvd.nist.gov/vuln/detail/CVE-2023-29338
CVE-2021-44693A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN, SIMATIC S7-1500 CPU 1510SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512SP F-1 PN, SIMATIC S7-1500 CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516T-3 PN/DP, SIMATIC S7-1500 CPU 1516TF-3 PN/DP, SIMATIC S7-1500 CPU 1517-3 PN/DP, SIMATIC S7-1500 CPU 1517F-3 PN/DP, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN/DP, SIMATIC S7-1500 CPU 1517TF-3 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518F-4 PN/DP, SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-4 PN/DP, SIMATIC S7-1500 CPU 1518TF-4 PN/DP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN, SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN RAIL, SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL, SIPLUS S7-1500 CPU 1515R-2 PN, SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1517H-3 PN, SIPLUS S7-1500 CPU 1518-4 PN/DP, SIPLUS S7-1500 CPU 1518-4 PN/DP MFP, SIPLUS S7-1500 CPU 1518F-4 PN/DP, SIPLUS S7-1500 CPU 1518HF-4 PN, SIPLUS TIM 1531 IRC, TIM 1531 IRC. Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.4.9https://nvd.nist.gov/vuln/detail/CVE-2021-44693
CVE-2021-44695A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN, SIMATIC S7-1500 CPU 1510SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512SP F-1 PN, SIMATIC S7-1500 CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516T-3 PN/DP, SIMATIC S7-1500 CPU 1516TF-3 PN/DP, SIMATIC S7-1500 CPU 1517-3 PN/DP, SIMATIC S7-1500 CPU 1517F-3 PN/DP, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN/DP, SIMATIC S7-1500 CPU 1517TF-3 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518F-4 PN/DP, SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-4 PN/DP, SIMATIC S7-1500 CPU 1518TF-4 PN/DP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN, SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN RAIL, SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL, SIPLUS S7-1500 CPU 1515R-2 PN, SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1517H-3 PN, SIPLUS S7-1500 CPU 1518-4 PN/DP, SIPLUS S7-1500 CPU 1518-4 PN/DP MFP, SIPLUS S7-1500 CPU 1518F-4 PN/DP, SIPLUS S7-1500 CPU 1518HF-4 PN, SIPLUS TIM 1531 IRC, TIM 1531 IRC. Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.4.9https://nvd.nist.gov/vuln/detail/CVE-2021-44695
CVE-2023-22948An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph cluster.4.9https://nvd.nist.gov/vuln/detail/CVE-2023-22948
CVE-2023-29905H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm.4.9https://nvd.nist.gov/vuln/detail/CVE-2023-29905
CVE-2023-29906H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm.4.9https://nvd.nist.gov/vuln/detail/CVE-2023-29906
CVE-2023-29443Zoho ManageEngine ServiceDesk Plus through 14104 allows admin users to conduct an XXE attack.4.9https://nvd.nist.gov/vuln/detail/CVE-2023-29443
CVE-2023-22901ChangingTec MOTP system has a path traversal vulnerability. A remote attacker with administrator’s privilege can exploit this vulnerability to access arbitrary system files.4.9https://nvd.nist.gov/vuln/detail/CVE-2023-22901
CVE-2023-30852Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scripts` parameters. The `scriptPath` parameter is not sanitized properly and is vulnerable to path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying sufficient number of `../` patterns to go out from the application webroot followed by path of the folder where the file is located in the "scriptPath" parameter and the file name in the "scripts" parameter. The JavaScript file is successfully read only if the web application has read access to it. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manual.4.9https://nvd.nist.gov/vuln/detail/CVE-2023-30852
CVE-2023-25495A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured4.9https://nvd.nist.gov/vuln/detail/CVE-2023-25495
CVE-2023-22924A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device.4.9https://nvd.nist.gov/vuln/detail/CVE-2023-22924
CVE-2023-2445Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name.4.9https://nvd.nist.gov/vuln/detail/CVE-2023-2445
CVE-2023-27990The XSS vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-27990
CVE-2023-0420The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF, and is lacking sanitising as well as escaping in some parameters, allowing attackers to make a logged in admin put Stored Cross-Site Scripting payloads via CSRF4.8https://nvd.nist.gov/vuln/detail/CVE-2023-0420
CVE-2023-2293A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been classified as problematic. This affects an unknown part of the file classes/Master.php?f=save_item. The manipulation of the argument description with the input --redacted-- leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-2274634.8https://nvd.nist.gov/vuln/detail/CVE-2023-2293
CVE-2023-2372A vulnerability, which was classified as problematic, has been found in SourceCodester Online DJ Management System 1.0. Affected by this issue is some unknown functionality of the file classes/Master.php?f=save_event. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227648.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2372
CVE-2023-2381A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=bandwidth_profile.htm of the component Web Management Interface. The manipulation of the argument BandWidthProfile.ProfileName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227659. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2381
CVE-2023-2382A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument sysLogInfo.serverName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2382
CVE-2023-2383A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2383
CVE-2023-2384A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument dhcp.SecDnsIPByte2 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2384
CVE-2023-2385A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=ike_policies.htm of the component Web Management Interface. The manipulation of the argument IpsecIKEPolicy.IKEPolicyName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2385
CVE-2023-2386A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.toAddr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2386
CVE-2023-2387A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument winsServer1 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2387
CVE-2023-2388A vulnerability, which was classified as problematic, has been found in Netgear SRX5308 up to 4.3.5-3. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2388
CVE-2023-2389A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2389
CVE-2023-2390A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server1 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2390
CVE-2023-2391A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server2 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2391
CVE-2023-2392A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. Affected is an unknown function of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ManualDate.minutes leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2392
CVE-2023-2393A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument ConfigPort.LogicalIfName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2393
CVE-2023-2394A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument wanName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2394
CVE-2023-2397A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Mobile Comparison Website 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_field. The manipulation of the argument Field Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227675.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2397
CVE-2023-2425A vulnerability was found in SourceCodester Simple Student Information System 1.0. It has been classified as problematic. This affects an unknown part of the file /classes/Master.php?f=save_course of the component Add New Course. The manipulation of the argument name with the input --redacted-- leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-2277514.8https://nvd.nist.gov/vuln/detail/CVE-2023-2425
CVE-2018-25085A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The name of the patch is 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755.4.8https://nvd.nist.gov/vuln/detail/CVE-2018-25085
CVE-2023-1021The amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)4.8https://nvd.nist.gov/vuln/detail/CVE-2023-1021
CVE-2023-1090The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)4.8https://nvd.nist.gov/vuln/detail/CVE-2023-1090
CVE-2023-1525The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2023-1525
CVE-2023-1554The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)4.8https://nvd.nist.gov/vuln/detail/CVE-2023-1554
CVE-2023-1614The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2023-1614
CVE-2023-23723Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-23723
CVE-2023-25783Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss FireCask Like & Share Button plugin <= 1.1.5 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-25783
CVE-2023-25784Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon Plan Gratos Sticky Ad Bar plugin <= 1.3.1 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-25784
CVE-2023-25786Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-25786
CVE-2023-25787Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbolt team WP?????? plugin <= 1.3.9 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-25787
CVE-2023-25789Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapfiliate plugin <= 3.0.12 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-25789
CVE-2023-25792Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XiaoMac WP Open Social plugin <= 5.0 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-25792
CVE-2023-25797Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-25797
CVE-2023-25796Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Include WP BaiDu Submit plugin <= 1.2.1 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-25796
CVE-2023-22683Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themis Solutions, Inc. Clio Grow plugin <= 1.0.0 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-22683
CVE-2023-25979Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Video Gallery by Total-Soft Video Gallery plugin <= 1.7.6 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-25979
CVE-2022-46852Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Table Builder plugin <= 1.4.6 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-46852
CVE-2023-23785Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCult Exquisite PayPal Donation plugin <= v2.0.0 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-23785
CVE-2023-23808Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sergey Panasenko Sponsors Carousel plugin <= 4.02 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-23808
CVE-2023-23809Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Moris Dov Stock market charts from finviz plugin <= 1.0.1 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-23809
CVE-2023-23875Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin <= 1.0 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-23875
CVE-2023-23881Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GreenTreeLabs Circles Gallery plugin <= 1.0.10 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-23881
CVE-2023-26017Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.10.2 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-26017
CVE-2023-25458Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin <= 2.0.3 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-25458
CVE-2023-25977Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9seeds.Com CPT – Speakers plugin <= 1.1 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-25977
CVE-2023-26545In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.4.7https://nvd.nist.gov/vuln/detail/CVE-2023-26545
CVE-2023-1990A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.4.7https://nvd.nist.gov/vuln/detail/CVE-2023-1990
CVE-2023-30609matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. No cross-site scripting attack is possible due to the hardcoded content security policy. Version 3.71.0 of the SDK patches over the issue. As a workaround, restarting the client will clear the HTML injection.4.7https://nvd.nist.gov/vuln/detail/CVE-2023-30609
CVE-2023-0458A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c114.7https://nvd.nist.gov/vuln/detail/CVE-2023-0458
CVE-2023-29354Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability4.7https://nvd.nist.gov/vuln/detail/CVE-2023-29354
CVE-2023-25012The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.4.6https://nvd.nist.gov/vuln/detail/CVE-2023-25012
CVE-2023-25834Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.4.6https://nvd.nist.gov/vuln/detail/CVE-2023-25834
CVE-2023-1265An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance.4.5https://nvd.nist.gov/vuln/detail/CVE-2023-1265
CVE-2023-2019A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system.4.4https://nvd.nist.gov/vuln/detail/CVE-2023-2019
CVE-2022-3447Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)4.3https://nvd.nist.gov/vuln/detail/CVE-2022-3447
CVE-2022-4182Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4182
CVE-2022-4183Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4183
CVE-2022-4184Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4184
CVE-2022-4185Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4185
CVE-2022-4186Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4186
CVE-2022-4188Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4188
CVE-2022-4189Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4189
CVE-2022-4195Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4195
CVE-2022-44688Microsoft Edge (Chromium-based) Spoofing Vulnerability4.3https://nvd.nist.gov/vuln/detail/CVE-2022-44688
CVE-2022-46877By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-46877
CVE-2023-0141Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)4.3https://nvd.nist.gov/vuln/detail/CVE-2023-0141
CVE-2023-28458pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-28458
CVE-2023-30544Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with their account without the ownership verification performed during account registration. Operators of Kiwi TCMS should upgrade to v12.2 or later to receive a patch. No known workarounds exist.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-30544
CVE-2023-1414The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update arbitrary tours4.3https://nvd.nist.gov/vuln/detail/CVE-2023-1414
CVE-2023-2281When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.\n\n\n4.3https://nvd.nist.gov/vuln/detail/CVE-2023-2281
CVE-2021-44465Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-44465
CVE-2023-22728Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-22728
CVE-2023-29334Microsoft Edge (Chromium-based) Spoofing Vulnerability4.3https://nvd.nist.gov/vuln/detail/CVE-2023-29334
CVE-2023-1911The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example4.3https://nvd.nist.gov/vuln/detail/CVE-2023-1911
CVE-2023-2474A vulnerability has been found in Rebuild 3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-227866 is the identifier assigned to this vulnerability.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-2474
CVE-2023-2462Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2023-2462
CVE-2023-2463Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2023-2463
CVE-2023-2464Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2023-2464
CVE-2023-2465Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2023-2465
CVE-2023-2466Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)4.3https://nvd.nist.gov/vuln/detail/CVE-2023-2466
CVE-2023-2467Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)4.3https://nvd.nist.gov/vuln/detail/CVE-2023-2467
CVE-2023-2468Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)4.3https://nvd.nist.gov/vuln/detail/CVE-2023-2468
CVE-2023-28406A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained.  \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-28406
CVE-2023-1204An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-1204
CVE-2023-2069An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-2069
CVE-2022-4376An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4376
CVE-2023-29103A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected data.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-29103
CVE-2023-23920An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.4.2https://nvd.nist.gov/vuln/detail/CVE-2023-23920
CVE-2020-2978Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition. While the vulnerability is in Oracle Database - Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 4.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N).4.1https://nvd.nist.gov/vuln/detail/CVE-2020-2978
CVE-2023-29128A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to write any file with the extension `.db`.3.8https://nvd.nist.gov/vuln/detail/CVE-2023-29128
CVE-2023-30857@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class' metadata object, in `meta` decorator from the `@aedart/support` package. The likelihood of exploitation is questionable, given that a class's metadata can only be set or altered when the class is decorated via `meta()`. Furthermore, object(s) of sensitive nature would have to be stored as metadata, before this can lead to a security impact. The issue has been patched in version `0.6.1`.\n3.7https://nvd.nist.gov/vuln/detail/CVE-2023-30857
CVE-2023-1513A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-1513
CVE-2023-30618Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the `info` logging level during the `kitchen converge` action. Prior to v7.0.0, the output values were printed at the `debug` level to avoid writing sensitive values to the terminal by default. An attacker would need access to the local machine in order to gain access to these logs during an operation. Users are advised to upgrade. There are no known workarounds for this vulnerability.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-30618
CVE-2022-23721PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-23721
CVE-2023-27408A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file is created with the permissions bits of `-rw-rw-rw-`. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH interface on the affected device to interfere with the integrity of the mutex and the data it protects.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-27408
CVE-2023-30985A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3), Solid Edge SE2023 (All versions < VX.223.0 Update 2). Affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted OBJ file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19426)3.3https://nvd.nist.gov/vuln/detail/CVE-2023-30985
CVE-2023-29333Microsoft Access Denial of Service Vulnerability3.3https://nvd.nist.gov/vuln/detail/CVE-2023-29333
CVE-2023-27410A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the `edgebox_web_app` binary. The binary will crash if supplied with a backup password longer than 255 characters. This could allow an authenticated privileged attacker to cause a denial of service.2.7https://nvd.nist.gov/vuln/detail/CVE-2023-27410
CVE-2023-2197HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.22.5https://nvd.nist.gov/vuln/detail/CVE-2023-2197
CVE-2023-27409A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the `deviceinfo` binary via the `mac` parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any file named `address`.2.5https://nvd.nist.gov/vuln/detail/CVE-2023-27409
CVE-2023-25815In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\\mingw64\\share\\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\\` (and since `C:\\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1.\n\nThis vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\\`.2.2https://nvd.nist.gov/vuln/detail/CVE-2023-25815
CVE-2007-2586The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.https://nvd.nist.gov/vuln/detail/CVE-2007-2586
CVE-2014-5461Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.https://nvd.nist.gov/vuln/detail/CVE-2014-5461
CVE-2015-5122Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.https://nvd.nist.gov/vuln/detail/CVE-2015-5122
CVE-2023-29867Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API.https://nvd.nist.gov/vuln/detail/CVE-2023-29867
CVE-2023-29868Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.https://nvd.nist.gov/vuln/detail/CVE-2023-29868
CVE-2023-30861Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.\n\n1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.\n2. The application sets `session.permanent = True`\n3. The application does not access or modify the session at any point during a request.\n4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default).\n5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.\n\nThis happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.https://nvd.nist.gov/vuln/detail/CVE-2023-30861
CVE-2022-47874Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'.https://nvd.nist.gov/vuln/detail/CVE-2022-47874
CVE-2022-47875A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2022-47875
CVE-2022-47876The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts.https://nvd.nist.gov/vuln/detail/CVE-2022-47876
CVE-2022-47878Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2022-47878
CVE-2023-26089European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5.https://nvd.nist.gov/vuln/detail/CVE-2023-26089
CVE-2023-26546European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission.https://nvd.nist.gov/vuln/detail/CVE-2023-26546
CVE-2023-30403An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to bypass login by connecting to the web app after a successful attempt by a legitimate user.https://nvd.nist.gov/vuln/detail/CVE-2023-30403
CVE-2023-30943The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.https://nvd.nist.gov/vuln/detail/CVE-2023-30943
CVE-2023-30944The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.https://nvd.nist.gov/vuln/detail/CVE-2023-30944
CVE-2023-31434The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations.https://nvd.nist.gov/vuln/detail/CVE-2023-31434
CVE-2023-31435Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews) in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly.https://nvd.nist.gov/vuln/detail/CVE-2023-31435
CVE-2022-30759In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands.https://nvd.nist.gov/vuln/detail/CVE-2022-30759
CVE-2023-26268Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:\n * validate_doc_update\n\n * list\n\n * filter\n\n * filter views (using view functions as filters)\n\n * rewrite\n\n * update\n\n\n\nThis doesn't affect map/reduce or search (Dreyfus) index functions.\n\nUsers are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).\n\nWorkaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-26268
CVE-2023-27892Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With physical access to a PIN-unlocked device, attackers can extract the BIP39 mnemonic secret from the hardware wallet.https://nvd.nist.gov/vuln/detail/CVE-2023-27892
CVE-2022-40302An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case.https://nvd.nist.gov/vuln/detail/CVE-2022-40302
CVE-2022-40318An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302.https://nvd.nist.gov/vuln/detail/CVE-2022-40318
CVE-2022-43681An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.https://nvd.nist.gov/vuln/detail/CVE-2022-43681
CVE-2023-1383An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible.\n\nThis issue affects:\n\nAmazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. \nInsignia TV with FireOS versions prior to 7.6.3.3.https://nvd.nist.gov/vuln/detail/CVE-2023-1383
CVE-2023-1384The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run\n\nThis issue affects:\n\nAmazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.\nInsignia TV with FireOS versions prior to 7.6.3.3.https://nvd.nist.gov/vuln/detail/CVE-2023-1384
CVE-2023-1385Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.\n\nThis issue affects:\n\nAmazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.\nInsignia TV with FireOS 7.6.3.3.https://nvd.nist.gov/vuln/detail/CVE-2023-1385
CVE-2023-25826\nDue to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25826
CVE-2023-25827\nDue to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability with the suggestion endpoint.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25827
CVE-2017-11197In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option.https://nvd.nist.gov/vuln/detail/CVE-2017-11197
CVE-2020-22429redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs.https://nvd.nist.gov/vuln/detail/CVE-2020-22429
CVE-2022-39161IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.https://nvd.nist.gov/vuln/detail/CVE-2022-39161
CVE-2023-24744Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus 6.1.91.00 allows remote attackers to run arbitrary code via the onload function within the application DOM.https://nvd.nist.gov/vuln/detail/CVE-2023-24744
CVE-2023-30300An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop.https://nvd.nist.gov/vuln/detail/CVE-2023-30300
CVE-2023-30205A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique_id parameter in /admin/article.php.https://nvd.nist.gov/vuln/detail/CVE-2023-30205
CVE-2022-43950A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, \r\n 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.https://nvd.nist.gov/vuln/detail/CVE-2022-43950
CVE-2022-45858A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks.https://nvd.nist.gov/vuln/detail/CVE-2022-45858
CVE-2022-45859An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.https://nvd.nist.gov/vuln/detail/CVE-2022-45859
CVE-2022-45860A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.https://nvd.nist.gov/vuln/detail/CVE-2022-45860
CVE-2023-22640A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted requests.https://nvd.nist.gov/vuln/detail/CVE-2023-22640
CVE-2023-26203A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands.https://nvd.nist.gov/vuln/detail/CVE-2023-26203
CVE-2023-27993A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands.https://nvd.nist.gov/vuln/detail/CVE-2023-27993
CVE-2022-47757In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load modules. Loading the library can lead to arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-47757
CVE-2023-25438An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files.https://nvd.nist.gov/vuln/detail/CVE-2023-25438
CVE-2023-27568SQL injection vulnerability inSpryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchForm[searchText]=https://nvd.nist.gov/vuln/detail/CVE-2023-27568
CVE-2023-31099Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.https://nvd.nist.gov/vuln/detail/CVE-2023-31099
CVE-2023-29842ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-29842
CVE-2023-30077Judging Management System v1.0 by oretnom23 was discovered to vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id.https://nvd.nist.gov/vuln/detail/CVE-2023-30077
CVE-2023-30331An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-30331
CVE-2023-25934\nDELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25934
CVE-2023-22651Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to\n the misconfiguration of the Webhook. This component enforces validation\n rules and security checks before resources are admitted into the \nKubernetes cluster.\nThe issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22651
CVE-2022-4259Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.https://nvd.nist.gov/vuln/detail/CVE-2022-4259
CVE-2023-25962Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari Accordion – Multiple Accordion or FAQs Builder plugin <= 2.3.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25962
CVE-2023-26016Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tauhidul Alam Simple Portfolio Gallery plugin <= 0.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-26016
CVE-2023-23470IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510.https://nvd.nist.gov/vuln/detail/CVE-2023-23470
CVE-2023-24958A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320.https://nvd.nist.gov/vuln/detail/CVE-2023-24958
CVE-2023-26010Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App plugin <= 11.18 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-26010
CVE-2023-26012Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denzel Chia | Phire Design Custom Login Page plugin <= 2.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-26012
CVE-2023-29827ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-29827
CVE-2023-30619Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute uncontrolled code. This issue has been patched in version 14.7.99.143.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30619
CVE-2023-29994In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c.https://nvd.nist.gov/vuln/detail/CVE-2023-29994
CVE-2023-29995In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.chttps://nvd.nist.gov/vuln/detail/CVE-2023-29995
CVE-2023-29996In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode.https://nvd.nist.gov/vuln/detail/CVE-2023-29996
CVE-2023-2519A vulnerability has been found in Caton CTP Relay Server 1.2.9 and classified as critical. This vulnerability affects unknown code of the file /server/api/v1/login of the component API. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. VDB-228010 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-2519
CVE-2023-2520A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049(202303031001) and classified as critical. This issue affects some unknown processing of the file cgi-bin/tools_ping.cgi?action=Command of the component Ping Handler. The manipulation of the argument Destination leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228011. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-2520
CVE-2023-2521A vulnerability was found in NEXTU NEXT-7004N 3.0.1. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formFilter of the component POST Request Handler. The manipulation of the argument url with the input <svg onload=alert(1337)> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228012. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-2521
CVE-2023-30184A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment.https://nvd.nist.gov/vuln/detail/CVE-2023-30184
CVE-2023-30203Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php.https://nvd.nist.gov/vuln/detail/CVE-2023-30203
CVE-2023-2522A vulnerability was found in Chengdu VEC40G 3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=access_detect of the component Network Detection. The manipulation of the argument COUNT with the input 3 | netstat -an leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228013 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-2522
CVE-2023-2523A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-2523
CVE-2023-30550MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operating permissions. The issue has been fixed in version 2.9.0.https://nvd.nist.gov/vuln/detail/CVE-2023-30550
CVE-2023-2524A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/#/. The manipulation leads to direct request. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-228015. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-2524
CVE-2023-20126A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges. Cisco has not released firmware updates to address this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-20126
CVE-2023-23059An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges.https://nvd.nist.gov/vuln/detail/CVE-2023-23059
CVE-2023-30094A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module.https://nvd.nist.gov/vuln/detail/CVE-2023-30094
CVE-2023-30095A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field.https://nvd.nist.gov/vuln/detail/CVE-2023-30095
CVE-2023-30096A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field.https://nvd.nist.gov/vuln/detail/CVE-2023-30096
CVE-2023-30097A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field.https://nvd.nist.gov/vuln/detail/CVE-2023-30097
CVE-2023-30264CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update.https://nvd.nist.gov/vuln/detail/CVE-2023-30264
CVE-2023-30268CLTPHP <=6.0 is vulnerable to Improper Input Validation.https://nvd.nist.gov/vuln/detail/CVE-2023-30268
CVE-2023-31284illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net.https://nvd.nist.gov/vuln/detail/CVE-2023-31284
CVE-2022-47434Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PB SEO Friendly Images plugin <= 4.0.5 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-47434
CVE-2022-47449Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD plugin <= 3.1.5 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-47449
CVE-2023-21484Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation.https://nvd.nist.gov/vuln/detail/CVE-2023-21484
CVE-2023-21485Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.https://nvd.nist.gov/vuln/detail/CVE-2023-21485
CVE-2023-21486Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.https://nvd.nist.gov/vuln/detail/CVE-2023-21486
CVE-2023-21487Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting.https://nvd.nist.gov/vuln/detail/CVE-2023-21487
CVE-2023-21488Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.https://nvd.nist.gov/vuln/detail/CVE-2023-21488
CVE-2023-21489Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2023-21489
CVE-2023-21490Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager.https://nvd.nist.gov/vuln/detail/CVE-2023-21490
CVE-2023-21491Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.https://nvd.nist.gov/vuln/detail/CVE-2023-21491
CVE-2023-21492Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.https://nvd.nist.gov/vuln/detail/CVE-2023-21492
CVE-2023-21493Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data.https://nvd.nist.gov/vuln/detail/CVE-2023-21493
CVE-2023-21494Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.https://nvd.nist.gov/vuln/detail/CVE-2023-21494
CVE-2023-21495Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set.https://nvd.nist.gov/vuln/detail/CVE-2023-21495
CVE-2023-21496Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level.https://nvd.nist.gov/vuln/detail/CVE-2023-21496
CVE-2023-21497Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address.https://nvd.nist.gov/vuln/detail/CVE-2023-21497
CVE-2023-21498Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory.https://nvd.nist.gov/vuln/detail/CVE-2023-21498
CVE-2023-21499Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2023-21499
CVE-2023-21500Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory.https://nvd.nist.gov/vuln/detail/CVE-2023-21500
CVE-2023-21501Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2023-21501
CVE-2023-21502Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands.https://nvd.nist.gov/vuln/detail/CVE-2023-21502
CVE-2023-21503Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.https://nvd.nist.gov/vuln/detail/CVE-2023-21503
CVE-2023-21504Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.https://nvd.nist.gov/vuln/detail/CVE-2023-21504
CVE-2023-21505Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox.https://nvd.nist.gov/vuln/detail/CVE-2023-21505
CVE-2023-21506Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2023-21506
CVE-2023-21507Out-of-bounds Read vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory.https://nvd.nist.gov/vuln/detail/CVE-2023-21507
CVE-2023-21508Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2023-21508
CVE-2023-21509Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2023-21509
CVE-2023-21510Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory.https://nvd.nist.gov/vuln/detail/CVE-2023-21510
CVE-2023-21511Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_SET_PRV_UTXO in bc_core trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory.https://nvd.nist.gov/vuln/detail/CVE-2023-21511
CVE-2023-25289Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a crafted GET request.https://nvd.nist.gov/vuln/detail/CVE-2023-25289
CVE-2023-30216Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information.https://nvd.nist.gov/vuln/detail/CVE-2023-30216
CVE-2023-30328An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to bypass authentication via PID re-use.https://nvd.nist.gov/vuln/detail/CVE-2023-30328
CVE-2023-30399Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack.https://nvd.nist.gov/vuln/detail/CVE-2023-30399
CVE-2023-31413Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.https://nvd.nist.gov/vuln/detail/CVE-2023-31413
CVE-2023-31414Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.https://nvd.nist.gov/vuln/detail/CVE-2023-31414
CVE-2023-31415Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.https://nvd.nist.gov/vuln/detail/CVE-2023-31415
CVE-2023-30093An arbitrary file upload vulnerability in Open Networking Foundation ONOS from version 1.9.0 until 2.7.0 allows attackers to execute arbitrary code via uploading a crafted YAML file.https://nvd.nist.gov/vuln/detail/CVE-2023-30093
CVE-2023-30282PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions' control, a guest can access exports from the module which can lead to leak of personal information from customer table.https://nvd.nist.gov/vuln/detail/CVE-2023-30282
CVE-2023-1894A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.https://nvd.nist.gov/vuln/detail/CVE-2023-1894
CVE-2017-20183A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2017-20183
CVE-2023-2531Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3.https://nvd.nist.gov/vuln/detail/CVE-2023-2531
CVE-2023-30122An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.https://nvd.nist.gov/vuln/detail/CVE-2023-30122
CVE-2023-30135Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function.https://nvd.nist.gov/vuln/detail/CVE-2023-30135
CVE-2023-30090Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file.https://nvd.nist.gov/vuln/detail/CVE-2023-30090
CVE-2023-32235Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.https://nvd.nist.gov/vuln/detail/CVE-2023-32235
CVE-2023-28068\nDell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28068
CVE-2021-40331An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled\nThis issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-40331
CVE-2022-45048Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45048
CVE-2023-30242NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php.https://nvd.nist.gov/vuln/detail/CVE-2023-30242
CVE-2022-38707IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179.https://nvd.nist.gov/vuln/detail/CVE-2022-38707
CVE-2023-30013TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-30013
CVE-2023-30243Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable to SQL Injection via TunnelId that allows access to sensitive information.https://nvd.nist.gov/vuln/detail/CVE-2023-30243
CVE-2022-43919IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354.https://nvd.nist.gov/vuln/detail/CVE-2022-43919
CVE-2023-22874IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216.https://nvd.nist.gov/vuln/detail/CVE-2023-22874
CVE-2023-29932llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.https://nvd.nist.gov/vuln/detail/CVE-2023-29932
CVE-2023-29933llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument.https://nvd.nist.gov/vuln/detail/CVE-2023-29933
CVE-2023-29934llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect().https://nvd.nist.gov/vuln/detail/CVE-2023-29934
CVE-2023-29935llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced.https://nvd.nist.gov/vuln/detail/CVE-2023-29935
CVE-2023-29939llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr).https://nvd.nist.gov/vuln/detail/CVE-2023-29939
CVE-2023-29941llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp.https://nvd.nist.gov/vuln/detail/CVE-2023-29941
CVE-2023-29942llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType.https://nvd.nist.gov/vuln/detail/CVE-2023-29942
CVE-2023-30053TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection.https://nvd.nist.gov/vuln/detail/CVE-2023-30053
CVE-2023-30054TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload.https://nvd.nist.gov/vuln/detail/CVE-2023-30054
CVE-2023-30434IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187.https://nvd.nist.gov/vuln/detail/CVE-2023-30434
CVE-2023-26285IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418.https://nvd.nist.gov/vuln/detail/CVE-2023-26285
CVE-2023-29659A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2023-29659
CVE-2023-32269An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.https://nvd.nist.gov/vuln/detail/CVE-2023-32269
CVE-2020-4914IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290.https://nvd.nist.gov/vuln/detail/CVE-2020-4914
CVE-2022-43866IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436.https://nvd.nist.gov/vuln/detail/CVE-2022-43866
CVE-2023-2427Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.https://nvd.nist.gov/vuln/detail/CVE-2023-2427
CVE-2023-2516Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7.https://nvd.nist.gov/vuln/detail/CVE-2023-2516
CVE-2023-2550Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.https://nvd.nist.gov/vuln/detail/CVE-2023-2550
CVE-2023-2551PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1.https://nvd.nist.gov/vuln/detail/CVE-2023-2551
CVE-2023-2552Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1.https://nvd.nist.gov/vuln/detail/CVE-2023-2552
CVE-2023-2553Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to 2.2.0.https://nvd.nist.gov/vuln/detail/CVE-2023-2553
CVE-2023-2554External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0.https://nvd.nist.gov/vuln/detail/CVE-2023-2554
CVE-2023-30065MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was discovered to contain a remote code execution (RCE) vulnerability in the ping function.https://nvd.nist.gov/vuln/detail/CVE-2023-30065
CVE-2023-29963S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php.https://nvd.nist.gov/vuln/detail/CVE-2023-29963
CVE-2016-15031A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injection. The attack can be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 0083ec652786ddbb81335ea20da590df40035679. It is recommended to upgrade the affected component. VDB-228022 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2016-15031
CVE-2022-22313IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370.https://nvd.nist.gov/vuln/detail/CVE-2022-22313
CVE-2022-43877IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148.https://nvd.nist.gov/vuln/detail/CVE-2022-43877
CVE-2023-24957IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115.https://nvd.nist.gov/vuln/detail/CVE-2023-24957
CVE-2023-26517Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff Starr Dashboard Widgets Suite plugin <= 3.2.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-26517
CVE-2023-26519Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.5.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-26519
CVE-2023-2560A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228167.https://nvd.nist.gov/vuln/detail/CVE-2023-2560
CVE-2023-25491Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Samuel Marshall JCH Optimize plugin <= 3.2.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25491
CVE-2023-24400Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Hu-manity.Co Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.4.6 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24400
CVE-2023-31047In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.https://nvd.nist.gov/vuln/detail/CVE-2023-31047
CVE-2023-32290The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server.https://nvd.nist.gov/vuln/detail/CVE-2023-32290
CVE-2023-2564OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0.https://nvd.nist.gov/vuln/detail/CVE-2023-2564
CVE-2023-2565A vulnerability has been found in SourceCodester Multi Language Hotel Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file ajax.php of the component POST Parameter Handler. The manipulation of the argument complaint_type with the input --redacted-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228172https://nvd.nist.gov/vuln/detail/CVE-2023-2565
CVE-2023-29944Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbenchhttps://nvd.nist.gov/vuln/detail/CVE-2023-29944
CVE-2023-30185CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \\attachment\\SystemAttachmentServices.php.https://nvd.nist.gov/vuln/detail/CVE-2023-30185
CVE-2023-30257A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build Number v1.0.4 allows attackers to escalate privileges to root.https://nvd.nist.gov/vuln/detail/CVE-2023-30257
CVE-2023-30018Judging Management System v1.0 is vulnerable to SQL Injection. via /php-jms/review_se_result.php?mainevent_id=.https://nvd.nist.gov/vuln/detail/CVE-2023-30018
CVE-2023-2566Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.https://nvd.nist.gov/vuln/detail/CVE-2023-2566
CVE-2023-2534Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via\nticket histories by any user. (Fuzzing for garnering other adjacent user/sensitive data). Subscribing to all possible push events could also lead to performance implications on the server side, depending on the size of the installation\nand the number of active users. (Flooding)This issue affects OTRS: from 8.0.X before 8.0.32.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2534
CVE-2023-31038SQL injection in Log4cxx when using the ODBC appender to send log messages to a database.  No fields sent to the database were properly escaped for SQL injection.  This has been the case since at least version 0.9.0(released 2003-08-06)\n\n\n\n\nNote that Log4cxx is a C++ framework, so only C++ applications are affected.\n\nBefore version 1.1.0, the ODBC appender was automatically part of Log4cxx if the library was found when compiling the library.  As of version 1.1.0, this must be both explicitly enabled in order to be compiled in.\n\n\n\n\nThree preconditions must be met for this vulnerability to be possible:\n\n1. Log4cxx compiled with ODBC support(before version 1.1.0, this was auto-detected at compile time)\n\n2. ODBCAppender enabled for logging messages to, generally done via a config file\n\n3. User input is logged at some point. If your application does not have user input, it is unlikely to be affected.\n\n\n\n\n\nUsers are recommended to upgrade to version 1.1.0 which properly binds the parameters to the SQL statement, or migrate to the new DBAppender class which supports an ODBC connection in addition to other databases. \nNote that this fix does require a configuration file update, as the old configuration files will not configure properly.  An example is shown below, and more information may be found in the Log4cxx documentation on the ODBCAppender.\n\n\n\n\n\nExample of old configuration snippet:\n\n<appender name="SqlODBCAppender" class="ODBCAppender">\n\n    <param name="sql" value="INSERT INTO logs (message) VALUES ('%m')" />\n\n    ... other params here ...\n\n</appender>\n\n\n\n\nThe migrated configuration snippet with new ColumnMapping parameters:\n\n\n<appender name="SqlODBCAppender" class="ODBCAppender">\n\n\n\n\n    <param name="sql" value="INSERT INTO logs (message) VALUES (?)" />\n\n    <param name="ColumnMapping" value="message"/>\n    ... other params here ...\n\n\n</appender>\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-31038
CVE-2023-31039Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file.\nAn attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process.\n\nSolution:\n1. upgrade to bRPC >= 1.5.0, download link:  https://dist.apache.org/repos/dist/release/brpc/1.5.0/ https://dist.apache.org/repos/dist/release/brpc/1.5.0/ \n2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch:  https://github.com/apache/brpc/pull/2218 https://github.com/apache/brpc/pull/2218https://nvd.nist.gov/vuln/detail/CVE-2023-31039
CVE-2023-29247Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29247
CVE-2022-46799Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.15 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-46799
CVE-2023-23668Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in GiveWP plugin <= 2.25.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23668
CVE-2023-25021Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FareHarbor FareHarbor for WordPress plugin <= 3.6.6 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25021
CVE-2023-25754Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25754
CVE-2022-45812Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Lees Exxp plugin <= 2.6.8 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-45812
CVE-2023-25052Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa Yandex.News Feed by Teplitsa plugin <= 1.12.5 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25052
CVE-2023-25452Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Pretty (prettyboymp) CMS Press plugin <= 0.2.3 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25452
CVE-2023-28169Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CoreFortress Easy Event calendar plugin <= 1.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-28169
CVE-2023-2573Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request.\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2573
CVE-2023-2574Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2574
CVE-2023-2575Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request.https://nvd.nist.gov/vuln/detail/CVE-2023-2575
CVE-2020-18131Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escilate privledges to an arbitrary account via a crafted request to /members/console.php?cID=5.https://nvd.nist.gov/vuln/detail/CVE-2020-18131
CVE-2020-18132Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit.https://nvd.nist.gov/vuln/detail/CVE-2020-18132
CVE-2020-18282Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature.https://nvd.nist.gov/vuln/detail/CVE-2020-18282
CVE-2020-19660Cross Site Scripting (XSS) pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values.https://nvd.nist.gov/vuln/detail/CVE-2020-19660
CVE-2020-21038Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php.https://nvd.nist.gov/vuln/detail/CVE-2020-21038
CVE-2020-22334Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php.https://nvd.nist.gov/vuln/detail/CVE-2020-22334
CVE-2020-22755File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943.https://nvd.nist.gov/vuln/detail/CVE-2020-22755
CVE-2020-23966SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request.https://nvd.nist.gov/vuln/detail/CVE-2020-23966
CVE-2020-36065Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save.https://nvd.nist.gov/vuln/detail/CVE-2020-36065
CVE-2021-27280OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected.https://nvd.nist.gov/vuln/detail/CVE-2021-27280
CVE-2021-28998File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.https://nvd.nist.gov/vuln/detail/CVE-2021-28998
CVE-2021-28999SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.https://nvd.nist.gov/vuln/detail/CVE-2021-28999
CVE-2022-4118The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated usershttps://nvd.nist.gov/vuln/detail/CVE-2022-4118
CVE-2023-0267The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.https://nvd.nist.gov/vuln/detail/CVE-2023-0267
CVE-2023-0268The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.https://nvd.nist.gov/vuln/detail/CVE-2023-0268
CVE-2023-0280The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.https://nvd.nist.gov/vuln/detail/CVE-2023-0280
CVE-2023-0421The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link.https://nvd.nist.gov/vuln/detail/CVE-2023-0421
CVE-2023-0514The Membership Database WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminhttps://nvd.nist.gov/vuln/detail/CVE-2023-0514
CVE-2023-0522The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attackhttps://nvd.nist.gov/vuln/detail/CVE-2023-0522
CVE-2023-0526The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attackshttps://nvd.nist.gov/vuln/detail/CVE-2023-0526
CVE-2023-0536The Wp-D3 WordPress plugin through 2.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.https://nvd.nist.gov/vuln/detail/CVE-2023-0536
CVE-2023-0537The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attackshttps://nvd.nist.gov/vuln/detail/CVE-2023-0537
CVE-2023-0542The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.https://nvd.nist.gov/vuln/detail/CVE-2023-0542
CVE-2023-0544The WP Login Box WordPress plugin through 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)https://nvd.nist.gov/vuln/detail/CVE-2023-0544
CVE-2023-0603The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attackhttps://nvd.nist.gov/vuln/detail/CVE-2023-0603
CVE-2023-0768The Avirato hotels online booking engine WordPress plugin through 5.0.5 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks.https://nvd.nist.gov/vuln/detail/CVE-2023-0768
CVE-2023-0894The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)https://nvd.nist.gov/vuln/detail/CVE-2023-0894
CVE-2023-0948The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scriptinghttps://nvd.nist.gov/vuln/detail/CVE-2023-0948
CVE-2023-1011The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them.https://nvd.nist.gov/vuln/detail/CVE-2023-1011
CVE-2023-1347The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is presenthttps://nvd.nist.gov/vuln/detail/CVE-2023-1347
CVE-2023-1408The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as adminhttps://nvd.nist.gov/vuln/detail/CVE-2023-1408
CVE-2023-1649The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)https://nvd.nist.gov/vuln/detail/CVE-2023-1649
CVE-2023-1650The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the bloghttps://nvd.nist.gov/vuln/detail/CVE-2023-1650
CVE-2023-1651The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSShttps://nvd.nist.gov/vuln/detail/CVE-2023-1651
CVE-2023-1660The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboardhttps://nvd.nist.gov/vuln/detail/CVE-2023-1660
CVE-2023-1806The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators.https://nvd.nist.gov/vuln/detail/CVE-2023-1806
CVE-2023-1905The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficient fix of CVE-2023-24003https://nvd.nist.gov/vuln/detail/CVE-2023-1905
CVE-2023-2114The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query.https://nvd.nist.gov/vuln/detail/CVE-2023-2114
CVE-2022-45065Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <= 12.1.20 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-45065
CVE-2022-47437Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1.1.8 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-47437
CVE-2022-47439Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket Apps Open Graphite plugin <= 1.6.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-47439
CVE-2023-22779There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.https://nvd.nist.gov/vuln/detail/CVE-2023-22779
CVE-2023-22780There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.https://nvd.nist.gov/vuln/detail/CVE-2023-22780
CVE-2023-22781There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.https://nvd.nist.gov/vuln/detail/CVE-2023-22781
CVE-2023-22782There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.https://nvd.nist.gov/vuln/detail/CVE-2023-22782
CVE-2023-22783There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.https://nvd.nist.gov/vuln/detail/CVE-2023-22783
CVE-2023-22784There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.https://nvd.nist.gov/vuln/detail/CVE-2023-22784
CVE-2023-22785There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.https://nvd.nist.gov/vuln/detail/CVE-2023-22785
CVE-2023-22786There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.https://nvd.nist.gov/vuln/detail/CVE-2023-22786
CVE-2023-22787An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.https://nvd.nist.gov/vuln/detail/CVE-2023-22787
CVE-2023-22788Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.https://nvd.nist.gov/vuln/detail/CVE-2023-22788
CVE-2023-22789Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.https://nvd.nist.gov/vuln/detail/CVE-2023-22789
CVE-2023-22790Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.https://nvd.nist.gov/vuln/detail/CVE-2023-22790
CVE-2023-22791A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.https://nvd.nist.gov/vuln/detail/CVE-2023-22791
CVE-2023-24408Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24408
CVE-2023-28493Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-28493
CVE-2023-29693H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function set_tftp_upgrad.https://nvd.nist.gov/vuln/detail/CVE-2023-29693
CVE-2023-29696H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function version_set.https://nvd.nist.gov/vuln/detail/CVE-2023-29696
CVE-2023-30019imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-30019
CVE-2023-30092SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL Injection via the QTY parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-30092
CVE-2023-30551Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2023-30551
CVE-2023-1979The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, but don't have the ability to edit password protected stories. The vulnerability allowed users with said role to bypass this permission check when trying to duplicate the protected story in the plugin's own dashboard, giving them access to the seemingly protected content. We recommend upgrading to version 1.32 or beyond commit  ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 https://github.com/GoogleForCreators/web-stories-wp/commit/ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 \nhttps://nvd.nist.gov/vuln/detail/CVE-2023-1979
CVE-2023-2583Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.https://nvd.nist.gov/vuln/detail/CVE-2023-2583
CVE-2023-30837Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30837
CVE-2023-30840Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod (controlled by the `csi-nodeplugin-fluid` node-daemonset), they can leverage the fluid-csi service account to modify specs of all the nodes in the cluster. However, since this service account lacks `list node` permissions, the attacker may need to use other techniques to identify vulnerable nodes.\n\nOnce the attacker identifies and modifies the node specs, they can manipulate system-level-privileged components to access all secrets in the cluster or execute pods on other nodes. This allows them to elevate privileges beyond the compromised node and potentially gain full privileged access to the whole cluster.\n\nTo exploit this vulnerability, the attacker can make all other nodes unschedulable (for example, patch node with taints) and wait for system-critical components with high privilege to appear on the compromised node. However, this attack requires two prerequisites: a compromised node and identifying all vulnerable nodes through other means.\n\nVersion 0.8.6 contains a patch for this issue. As a workaround, delete the `csi-nodeplugin-fluid` daemonset in `fluid-system` namespace and avoid using CSI mode to mount FUSE file systems. Alternatively, using sidecar mode to mount FUSE file systems is recommended.https://nvd.nist.gov/vuln/detail/CVE-2023-30840
CVE-2023-30844Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in `mutagen` and prior to version 0.17.1 in `mutagen-compose`, Mutagen `list` and `monitor` commands are susceptible to control characters that could be provided by remote endpoints. This could cause terminal corruption, either intentional or unintentional, if these characters were present in error messages or file paths/names. This could be used as an attack vector if synchronizing with an untrusted remote endpoint, synchronizing files not under control of the user, or forwarding to/from an untrusted remote endpoint. On very old systems with terminals susceptible to issues such as CVE-2003-0069, the issue could theoretically cause code execution. The problem has been patched in Mutagen v0.16.6 and v0.17.1. Earlier versions of Mutagen are no longer supported and will not be patched. Versions of Mutagen after v0.18.0 will also have the patch merged. As a workaround, avoiding synchronization of untrusted files or interaction with untrusted remote endpoints should mitigate any risk.https://nvd.nist.gov/vuln/detail/CVE-2023-30844
CVE-2023-30855Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with the SQL Injection, the exported data `RESTRICTED DIFFUSION 9 / 9` can be controlled and a webshell can be uploaded. Attackers can use that to execute arbitrary PHP code on the server with the permissions of the webserver. Users may upgrade to version 10.5.18 to receive a patch or, as a workaround, apply the patch manually.https://nvd.nist.gov/vuln/detail/CVE-2023-30855
CVE-2023-30860WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows attacker to insert malicious scripts. Since any USER including the ADMIN can see the meeting room that was created by the attacker this can lead to cookie hijacking and takeover of any accounts. Version 12.4 contains a patch for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-30860
CVE-2022-46720An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to break out of its sandboxhttps://nvd.nist.gov/vuln/detail/CVE-2022-46720
CVE-2023-1031MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-1031
CVE-2023-1094MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-1094
CVE-2023-23494A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to cause a denial-of-servicehttps://nvd.nist.gov/vuln/detail/CVE-2023-23494
CVE-2023-23523A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookuphttps://nvd.nist.gov/vuln/detail/CVE-2023-23523
CVE-2023-23525This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to gain root privilegeshttps://nvd.nist.gov/vuln/detail/CVE-2023-23525
CVE-2023-23526This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A file from an iCloud shared-by-me folder may be able to bypass Gatekeeperhttps://nvd.nist.gov/vuln/detail/CVE-2023-23526
CVE-2023-23527The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. A user may gain access to protected parts of the file systemhttps://nvd.nist.gov/vuln/detail/CVE-2023-23527
CVE-2023-23528An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 16.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted Bluetooth packet may result in disclosure of process memoryhttps://nvd.nist.gov/vuln/detail/CVE-2023-23528
CVE-2023-23532This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to break out of its sandboxhttps://nvd.nist.gov/vuln/detail/CVE-2023-23532
CVE-2023-23533A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file systemhttps://nvd.nist.gov/vuln/detail/CVE-2023-23533
CVE-2023-23534The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5. Processing a maliciously crafted image may result in disclosure of process memoryhttps://nvd.nist.gov/vuln/detail/CVE-2023-23534
CVE-2023-23535The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memoryhttps://nvd.nist.gov/vuln/detail/CVE-2023-23535
CVE-2023-23536The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privilegeshttps://nvd.nist.gov/vuln/detail/CVE-2023-23536
CVE-2023-23537A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location informationhttps://nvd.nist.gov/vuln/detail/CVE-2023-23537
CVE-2023-23538A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file systemhttps://nvd.nist.gov/vuln/detail/CVE-2023-23538
CVE-2023-23540The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privilegeshttps://nvd.nist.gov/vuln/detail/CVE-2023-23540
CVE-2023-23541A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contactshttps://nvd.nist.gov/vuln/detail/CVE-2023-23541
CVE-2023-23542A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to access user-sensitive datahttps://nvd.nist.gov/vuln/detail/CVE-2023-23542
CVE-2023-23543The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. A sandboxed app may be able to determine which app is currently using the camerahttps://nvd.nist.gov/vuln/detail/CVE-2023-23543
CVE-2023-27928A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contactshttps://nvd.nist.gov/vuln/detail/CVE-2023-27928
CVE-2023-27929An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memoryhttps://nvd.nist.gov/vuln/detail/CVE-2023-27929
CVE-2023-27931This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive datahttps://nvd.nist.gov/vuln/detail/CVE-2023-27931
CVE-2023-27932This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. Processing maliciously crafted web content may bypass Same Origin Policyhttps://nvd.nist.gov/vuln/detail/CVE-2023-27932
CVE-2023-27933The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. An app with root privileges may be able to execute arbitrary code with kernel privilegeshttps://nvd.nist.gov/vuln/detail/CVE-2023-27933
CVE-2023-27934A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3. A remote user may be able to cause unexpected app termination or arbitrary code executionhttps://nvd.nist.gov/vuln/detail/CVE-2023-27934
CVE-2023-27935The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected app termination or arbitrary code executionhttps://nvd.nist.gov/vuln/detail/CVE-2023-27935
CVE-2023-27936An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to cause unexpected system termination or write kernel memoryhttps://nvd.nist.gov/vuln/detail/CVE-2023-27936
CVE-2023-27937An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code executionhttps://nvd.nist.gov/vuln/detail/CVE-2023-27937
CVE-2023-27938An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in GarageBand for macOS 10.4.8. Parsing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code executionhttps://nvd.nist.gov/vuln/detail/CVE-2023-27938
CVE-2023-27941A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to disclose kernel memoryhttps://nvd.nist.gov/vuln/detail/CVE-2023-27941
CVE-2023-27942The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive datahttps://nvd.nist.gov/vuln/detail/CVE-2023-27942
CVE-2023-27943This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Files downloaded from the internet may not have the quarantine flag appliedhttps://nvd.nist.gov/vuln/detail/CVE-2023-27943
CVE-2023-27944This issue was addressed with a new entitlement. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to break out of its sandboxhttps://nvd.nist.gov/vuln/detail/CVE-2023-27944
CVE-2023-27945This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3. A sandboxed app may be able to collect system logshttps://nvd.nist.gov/vuln/detail/CVE-2023-27945
CVE-2023-27946An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code executionhttps://nvd.nist.gov/vuln/detail/CVE-2023-27946
CVE-2023-27949An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code executionhttps://nvd.nist.gov/vuln/detail/CVE-2023-27949
CVE-2023-27951The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An archive may be able to bypass Gatekeeperhttps://nvd.nist.gov/vuln/detail/CVE-2023-27951
CVE-2023-27952A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checkshttps://nvd.nist.gov/vuln/detail/CVE-2023-27952
CVE-2023-27953The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memoryhttps://nvd.nist.gov/vuln/detail/CVE-2023-27953
CVE-2023-27954The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A website may be able to track sensitive user informationhttps://nvd.nist.gov/vuln/detail/CVE-2023-27954
CVE-2023-27955The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4. An app may be able to read arbitrary fileshttps://nvd.nist.gov/vuln/detail/CVE-2023-27955
CVE-2023-27956The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memoryhttps://nvd.nist.gov/vuln/detail/CVE-2023-27956
CVE-2023-27957A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code executionhttps://nvd.nist.gov/vuln/detail/CVE-2023-27957
CVE-2023-27958The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memoryhttps://nvd.nist.gov/vuln/detail/CVE-2023-27958
CVE-2023-27959The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privilegeshttps://nvd.nist.gov/vuln/detail/CVE-2023-27959
CVE-2023-27960This issue was addressed by removing the vulnerable code. This issue is fixed in GarageBand for macOS 10.4.8. An app may be able to gain elevated privileges during the installation of GarageBandhttps://nvd.nist.gov/vuln/detail/CVE-2023-27960
CVE-2023-27961Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, watchOS 9.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. Importing a maliciously crafted calendar invitation may exfiltrate user informationhttps://nvd.nist.gov/vuln/detail/CVE-2023-27961
CVE-2023-27962A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to modify protected parts of the file systemhttps://nvd.nist.gov/vuln/detail/CVE-2023-27962
CVE-2023-27963The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. A shortcut may be able to use sensitive data with certain actions without prompting the userhttps://nvd.nist.gov/vuln/detail/CVE-2023-27963
CVE-2023-27965A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Studio Display Firmware Update 16.4. An app may be able to execute arbitrary code with kernel privilegeshttps://nvd.nist.gov/vuln/detail/CVE-2023-27965
CVE-2023-27966The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to break out of its sandboxhttps://nvd.nist.gov/vuln/detail/CVE-2023-27966
CVE-2023-27967The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privilegeshttps://nvd.nist.gov/vuln/detail/CVE-2023-27967
CVE-2023-27968A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memoryhttps://nvd.nist.gov/vuln/detail/CVE-2023-27968
CVE-2023-27969A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privilegeshttps://nvd.nist.gov/vuln/detail/CVE-2023-27969
CVE-2023-27970An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privilegeshttps://nvd.nist.gov/vuln/detail/CVE-2023-27970
CVE-2023-28178A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app may be able to bypass Privacy preferenceshttps://nvd.nist.gov/vuln/detail/CVE-2023-28178
CVE-2023-28180A denial-of-service issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. A user in a privileged network position may be able to cause a denial-of-servicehttps://nvd.nist.gov/vuln/detail/CVE-2023-28180
CVE-2023-28181The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privilegeshttps://nvd.nist.gov/vuln/detail/CVE-2023-28181
CVE-2023-28182The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a devicehttps://nvd.nist.gov/vuln/detail/CVE-2023-28182
CVE-2023-28189The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to view sensitive informationhttps://nvd.nist.gov/vuln/detail/CVE-2023-28189
CVE-2023-28190A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive datahttps://nvd.nist.gov/vuln/detail/CVE-2023-28190
CVE-2023-28192A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location informationhttps://nvd.nist.gov/vuln/detail/CVE-2023-28192
CVE-2023-28194The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to unexpectedly create a bookmark on the Home Screenhttps://nvd.nist.gov/vuln/detail/CVE-2023-28194
CVE-2023-28200A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memoryhttps://nvd.nist.gov/vuln/detail/CVE-2023-28200
CVE-2023-28201This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary code executionhttps://nvd.nist.gov/vuln/detail/CVE-2023-28201
CVE-2023-30787MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-30787
CVE-2023-30788MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add` endpoint and nickName, description, lastName, middleName and firstName parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-30788
CVE-2023-30789MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-30789
CVE-2023-30790MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-30790
CVE-2023-32233In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.https://nvd.nist.gov/vuln/detail/CVE-2023-32233
CVE-2023-21404AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data.https://nvd.nist.gov/vuln/detail/CVE-2023-21404
CVE-2023-24505\nMilesight NCR/camera version 71.8.0.6-r5 discloses sensitive information through an unspecified request. \n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-24505
CVE-2023-24506\n\n\nMilesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request. \n\n \n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-24506
CVE-2023-24507\n\n\nAgilePoint NX v8.0 SU2.2 & SU2.3 – Insecure File Upload - Vulnerability allows insecure file upload, by an unspecified request.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-24507
CVE-2023-2478An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project.https://nvd.nist.gov/vuln/detail/CVE-2023-2478
CVE-2023-2513A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.https://nvd.nist.gov/vuln/detail/CVE-2023-2513
CVE-2023-2582A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the __proto__ or constructor properties and the Object prototype. By leveraging an embedded gadget like jQuery, an attacker who convinces a victim to visit a specially crafted link could achieve arbitrary javascript execution in the context of the user's browser.https://nvd.nist.gov/vuln/detail/CVE-2023-2582
CVE-2023-30334AsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries.https://nvd.nist.gov/vuln/detail/CVE-2023-30334
CVE-2023-31123`effectindex/tripreporter` is a community-powered, universal platform for submitting and analyzing trip reports. Prior to commit bd80ba833b9023d39ca22e29874296c8729dd53b, any user with an account on an instance of `effectindex/tripreporter`, e.g. `subjective.report`, may be affected by an improper password verification vulnerability. The vulnerability allows any user with a password matching the password requirements to log in as any user. This allows access to accounts / data loss of the user. This issue is patched in commit bd80ba833b9023d39ca22e29874296c8729dd53b. No action necessary for users of `subjective.report`, and anyone running their own instance should update to this commit or newer as soon as possible. As a workaround, someone running their own instance may apply the patch manually.https://nvd.nist.gov/vuln/detail/CVE-2023-31123
CVE-2023-31125Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the `socket.io` parent package. Older versions are not impacted. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package, including those who use depending packages like `socket.io`. This issue was fixed in version 6.4.2 of Engine.IO. There is no known workaround except upgrading to a safe version.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-31125
CVE-2023-31127libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual\nauthentication, the attacker may be able to establish the session with `KEY_EXCHANGE` and `PSK_FINISH` to bypass the mutual authentication. This is most likely to happen when the Requester begins a session using one method (DHE, for example) and then uses the other method's finish (PSK_FINISH in this example) to establish the session. The session hashes would be expected to fail in this case, but the condition was not detected.\n\nThis issue only impacts the SPDM responder, which supports `KEY_EX_CAP=1 and `PSK_CAP=10b` at same time with mutual authentication requirement. The SPDM requester is not impacted. The SPDM responder is not impacted if `KEY_EX_CAP=0` or `PSK_CAP=0` or `PSK_CAP=01b`. The SPDM responder is not impacted if mutual authentication is not required.\n\nlibspdm 1.0, 2.0, 2.1, 2.2, 2.3 are all impacted. Older branches are not maintained, but users of the 2.3 branch may receive a patch in version 2.3.2. The SPDM specification (DSP0274) does not contain this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-31127
CVE-2023-31129The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitiations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND protocol includes a message type called Router Solicitation (RS), which is used to locate routers and update their address information via the SLLAO (Source Link-Layer Address Option). If the indicated source address changes, a given neighbor entry is set to the STALE state.\n\nThe message handler does not check for RS messages with an SLLAO that indicates a link-layer address change that a neighbor entry can actually be created for the indicated address. The resulting pointer is used without a check, leading to the dereference of a NULL pointer of type `uip_ds6_nbr_t`.\n\nThe problem has been patched in the `develop` branch of Contiki-NG, and will be included in the upcoming 4.9 release. As a workaround, users can apply Contiki-NG pull request #2271 to patch the problem directly.https://nvd.nist.gov/vuln/detail/CVE-2023-31129
CVE-2023-31133Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack.\n\nGhost(Pro) has already been patched. Maintainers can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running Ghost a version below v5.46.1. v5.46.1 contains a fix for this issue. As a workaround, add a block for requests to `/ghost/api/content/*` where the `filter` query parameter contains `password` or `email`.https://nvd.nist.gov/vuln/detail/CVE-2023-31133
CVE-2023-31140OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication (2FA) device for an account, existing logged in sessions for that user account are not terminated. Likewise, if an administrators creates a mobile phone 2FA device on behalf of a user, their existing sessions are not terminated. The issue has been resolved in OpenProject version 12.5.4 by actively terminating sessions of user accounts having registered and confirmed a 2FA device. As a workaround, users who register the first 2FA device on their account can manually log out to terminate all other active sessions. This is the default behavior of OpenProject but might be disabled through a configuration option. Double check that this option is not overridden if one plans to employ the workaround.https://nvd.nist.gov/vuln/detail/CVE-2023-31140
CVE-2023-31141OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the queries during extremely rare race conditions potentially leading to incorrect access authorization. For this issue to be triggered, two concurrent requests need to land on the same instance exactly when query cache eviction happens, once every four hours. OpenSearch 1.3.10 and 2.7.0 contain a fix for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-31141
CVE-2023-31178AgilePoint NX v8.0 SU2.2 & SU2.3 – Arbitrary File Delete Vulnerability allows arbitrary file deletion, by an unspecified request.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-31178
CVE-2023-31179AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal - Vulnerability allows path traversal and downloading files from the server, by an unspecified request.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-31179
CVE-2023-31180\nWJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected cross-site scripting (RXSS) through an unspecified request.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-31180
CVE-2023-31181\nWJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Traversal\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-31181
CVE-2023-31182\n EasyTor Applications – Authorization Bypass - EasyTor Applications may allow authorization bypass via unspecified method.\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-31182
CVE-2023-31183\n Cybonet PineApp Mail Secure A reflected cross-site scripting (XSS) vulnerability was identified in the product, using an unspecified endpoint.\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-31183
CVE-2023-23894Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Surbma Surbma | GDPR Proof Cookie Consent & Notice Bar plugin <= 17.5.3 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23894
CVE-2023-24376Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24376
CVE-2023-22710Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidevs Return and Warranty Management System for WooCommerce plugin <= 1.2.3 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-22710
CVE-2023-22813A device API endpoint was missing access controls on Western Digital My Cloud OS 5 Mobile App on Android, iOS, Western Digital My Cloud Home Mobile App on iOS, Android, SanDIsk ibi Mobile App on Android, iOS, Western Digital WD Cloud Mobile App on Android, iOS, Western Digital My Cloud OS 5 Web App, Western Digital My Cloud Home Web App, SanDisk ibi Web App and the Western Digital WD Web App. Due to a permissive CORS policy and missing authentication requirement for private IPs, a remote attacker on the same network as the device could obtain device information by convincing a victim user to visit an attacker-controlled server and issue a cross-site request.This issue affects My Cloud OS 5 Mobile App: through 4.21.0; My Cloud Home Mobile App: through 4.21.0; ibi Mobile App: through 4.21.0; WD Cloud Mobile App: through 4.21.0; My Cloud OS 5 Web App: through 4.26.0-6126; My Cloud Home Web App: through 4.26.0-6126; ibi Web App: through 4.26.0-6126; WD Web App: through 4.26.0-6126.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22813
CVE-2023-28762SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28762
CVE-2023-28764SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28764
CVE-2023-29188SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29188
CVE-2021-31239An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.https://nvd.nist.gov/vuln/detail/CVE-2021-31239
CVE-2022-38685In bluetooth service, there is a possible missing permission check. This could lead to local denial of service in bluetooth service with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-38685
CVE-2022-39089In mlog service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-39089
CVE-2022-44419In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LTE. This could local denial of service with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-44419
CVE-2022-44420In modem, there is a possible missing verification of HashMME value in Security Mode Command. This could local denial of service with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-44420
CVE-2022-44433In phoneEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-44433
CVE-2022-47334In phasecheck server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-47334
CVE-2022-47340In h265 codec firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-47340
CVE-2022-47469In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-47469
CVE-2022-47470In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-47470
CVE-2022-47485In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-47485
CVE-2022-47486In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-47486
CVE-2022-47487In thermal service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service local denial of service with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-47487
CVE-2022-47488In spipe drive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-47488
CVE-2022-47489In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-47489
CVE-2022-47490In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-47490
CVE-2022-47491In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-47491
CVE-2022-47492In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-47492
CVE-2022-47493In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-47493
CVE-2022-47494In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-47494
CVE-2022-47495In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-47495
CVE-2022-47496In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-47496
CVE-2022-47497In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-47497
CVE-2022-47498In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-47498
CVE-2022-47499In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-47499
CVE-2022-48231In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48231
CVE-2022-48232In FM service , there is a possible missing params check. This could lead to local denial of service in FM service .https://nvd.nist.gov/vuln/detail/CVE-2022-48232
CVE-2022-48233In FM service , there is a possible missing params check. This could lead to local denial of service in FM service .https://nvd.nist.gov/vuln/detail/CVE-2022-48233
CVE-2022-48234In FM service , there is a possible missing params check. This could lead to local denial of service in FM service .https://nvd.nist.gov/vuln/detail/CVE-2022-48234
CVE-2022-48235In MP3 encoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-48235
CVE-2022-48236In MP3 encoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-48236
CVE-2022-48237In Image filter, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-48237
CVE-2022-48238In Image filter, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-48238
CVE-2022-48239In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-48239
CVE-2022-48240In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-48240
CVE-2022-48241In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48241
CVE-2022-48242In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48242
CVE-2022-48243In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48243
CVE-2022-48244In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48244
CVE-2022-48245In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48245
CVE-2022-48246In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48246
CVE-2022-48247In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48247
CVE-2022-48248In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48248
CVE-2022-48249In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48249
CVE-2022-48250In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48250
CVE-2022-48368In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48368
CVE-2022-48369In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48369
CVE-2022-48370In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48370
CVE-2022-48371In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48371
CVE-2022-48372In bootcp service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-48372
CVE-2022-48373In tee service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-48373
CVE-2022-48374In tee service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-48374
CVE-2022-48375In contacts service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48375
CVE-2022-48376In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48376
CVE-2022-48377In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48377
CVE-2022-48378In engineermode service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48378
CVE-2022-48379In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48379
CVE-2022-48380In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-48380
CVE-2022-48381In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-48381
CVE-2022-48382In log service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-48382
CVE-2022-48383.In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48383
CVE-2022-48384In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48384
CVE-2022-48385In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-48385
CVE-2022-48386the apipe driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-48386
CVE-2022-48387the apipe driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-48387
CVE-2022-48388In powerEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-48388
CVE-2022-48389In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-48389
CVE-2023-29092An issue was discovered in Exynos Mobile Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, and Exynos 1080. Binding of a wrong resource can occur due to improper handling of parameters while binding a network interface.https://nvd.nist.gov/vuln/detail/CVE-2023-29092
CVE-2023-30740SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality, limited impact on integrity and availability of the application.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30740
CVE-2023-30741Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30741
CVE-2023-30742SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. The information from the victim's session could then be modified or read by the attacker.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30742
CVE-2023-30743Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user’s information through phishing attack.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30743
CVE-2023-30744In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and authentication.  A subsequent call to one of these methods can read or change the state of existing services without any effect on availability.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30744
CVE-2023-31404Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could let them access data sources which would otherwise be restricted.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-31404
CVE-2023-31406Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-31406
CVE-2023-31407SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-31407
CVE-2023-32111In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32111
CVE-2023-32112Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lead to modification of data impacting the integrity of the system.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32112
CVE-2023-32113SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32113
CVE-2021-44283A buffer overflow in the component /Enclave.cpp of Electronics and Telecommunications Research Institute ShieldStore commit 58d455617f99705f0ffd8a27616abdf77bdc1bdc allows attackers to cause an information leak via a crafted structure from an untrusted operating system.https://nvd.nist.gov/vuln/detail/CVE-2021-44283
CVE-2022-4537The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.0.18. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in.https://nvd.nist.gov/vuln/detail/CVE-2022-4537
CVE-2023-30237CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe.https://nvd.nist.gov/vuln/detail/CVE-2023-30237
CVE-2023-2590Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9.https://nvd.nist.gov/vuln/detail/CVE-2023-2590
CVE-2023-23863Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23863
CVE-2022-41640Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Rymera Web Co Wholesale Suite plugin <= 2.1.5 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-41640
CVE-2023-23664Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ConvertBox ConvertBox Auto Embed WordPress plugin <= 1.0.19 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23664
CVE-2023-23793Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <= 3.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23793
CVE-2023-2591Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.7.https://nvd.nist.gov/vuln/detail/CVE-2023-2591
CVE-2023-23732Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Disqus Conditional Load plugin <= 11.0.6 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23732
CVE-2023-23733Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Lazy Social Comments plugin <= 2.0.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23733
CVE-2023-23734Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Voswinkel Userlike – WordPress Live Chat plugin <= 2.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23734
CVE-2023-23862Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical scroll recent post plugin <= 14.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23862
CVE-2023-23883Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Gwyer WP Content Filter plugin <= 3.0.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23883
CVE-2023-23884Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23884
CVE-2023-24372Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB Memory Direct Simple Custom Author Profiles plugin <= 1.0.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24372
CVE-2022-46822Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC Development Team WooCommerce JazzCash Gateway Plugin plugin <= 2.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-46822
CVE-2022-46844Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-46844
CVE-2022-46858Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.Rezapour Product Specifications for Woocommerce plugin <= 0.6.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-46858
CVE-2022-46864Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Saleem Woocommerce Custom Checkout Fields Editor With Drag & Drop plugin <= 0.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-46864
CVE-2023-23647Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Team Member – Team with Slider plugin <= 4.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23647
CVE-2023-2594A vulnerability, which was classified as critical, was found in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the component Registration. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228396.https://nvd.nist.gov/vuln/detail/CVE-2023-2594
CVE-2023-2595A vulnerability has been found in SourceCodester Billing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax_service.php of the component POST Parameter Handler. The manipulation of the argument drop_services leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228397 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-2595
CVE-2023-2596A vulnerability was found in SourceCodester Online Reviewer System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /reviewer/system/system/admins/manage/users/user-update.php of the component GET Parameter Handler. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228398 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-2596
CVE-2023-31126`org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect restricted cleaning in HTMLCleaner as there attributes are cleaned and thus characters like `/` and `>` are removed in all attribute names. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by making sure that data attributes only contain allowed characters. There are no known workarounds apart from upgrading to a version including the fix.https://nvd.nist.gov/vuln/detail/CVE-2023-31126
CVE-2023-31972yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c.https://nvd.nist.gov/vuln/detail/CVE-2023-31972
CVE-2023-31974yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c.https://nvd.nist.gov/vuln/detail/CVE-2023-31974
CVE-2023-31975yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.https://nvd.nist.gov/vuln/detail/CVE-2023-31975
CVE-2023-29460An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow potentially resulting in a complete loss of confidentiality, integrity, and availability.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29460
CVE-2023-29461An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. \n\n potentially resulting in a complete loss of confidentiality, integrity, and availability.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29461
CVE-2023-29462An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. \n\n potentially resulting in a complete loss of confidentiality, integrity, and availability.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29462
CVE-2023-31134Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit\narbitrary websites or due to a bug allowing the open redirect. This allows the external website access to the IPC layer and therefore to all configured and exposed Tauri API endpoints and application specific implemented Tauri commands. This issue has been patched in versions 1.0.9, 1.1.4, and 1.2.5. As a workaround, prevent arbitrary input in redirect features and/or only allow trusted websites access to the IPC.https://nvd.nist.gov/vuln/detail/CVE-2023-31134
CVE-2023-31136PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The vulnerability is addressed in PostgresNIO versions starting from 1.14.2. There are no known workarounds for unpatched users.https://nvd.nist.gov/vuln/detail/CVE-2023-31136
CVE-2023-31137MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination.\n\nThe vulnerability exists in the `decomp_get_rddata` function within the `Decompress.c` file. When handling a DNS packet with an Answer RR of qtype 16 (TXT record) and any qclass, if the `rdlength` is smaller than `rdata`, the result of the line `Decompress.c:886` is a negative number `len = rdlength - total;`. This value is then passed to the `decomp_append_bytes` function without proper validation, causing the program to attempt to allocate a massive chunk of memory that is impossible to allocate. Consequently, the program exits with an error code of 64, causing a Denial of Service.\n\nOne proposed fix for this vulnerability is to patch `Decompress.c:887` by breaking `if(len <= 0)`, which has been incorporated in version 3.5.0036 via commit bab062bde40b2ae8a91eecd522e84d8b993bab58.https://nvd.nist.gov/vuln/detail/CVE-2023-31137
CVE-2023-31973yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c.https://nvd.nist.gov/vuln/detail/CVE-2023-31973
CVE-2023-31976libming v0.4.8 was discovered to contain a stack buffer overflow via the function makeswf_preprocess at /util/makeswf_utils.c.https://nvd.nist.gov/vuln/detail/CVE-2023-31976
CVE-2023-31979Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c.https://nvd.nist.gov/vuln/detail/CVE-2023-31979
CVE-2023-31981Sngrep v1.6.0 was discovered to contain a stack buffer overflow via the function packet_set_payload at /src/packet.c.https://nvd.nist.gov/vuln/detail/CVE-2023-31981
CVE-2023-31982Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_packet_reasm_ip at /src/capture.c.https://nvd.nist.gov/vuln/detail/CVE-2023-31982
CVE-2023-31138DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an object may be able to modify related objects that they should not have access to. DHIS2 implementers should upgrade to a supported version of DHIS2 to receive a patch: 2.37.9.1, 2.38.3.1, or 2.39.1.2. It is possible to work around this issue by blocking all PATCH requests on a reverse proxy, but this may cause some issues with the functionality of built-in applications using legacy PATCH requests.https://nvd.nist.gov/vuln/detail/CVE-2023-31138
CVE-2023-31139DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.37 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, Personal Access Tokens (PATs) generate unrestricted session cookies. This may lead to a bypass of other access restrictions (for example, based on allowed IP addresses or HTTP methods). DHIS2 implementers should upgrade to a supported version of DHIS2: 2.37.9.1, 2.38.3.1, or 2.39.1.2. Implementers can work around this issue by adding extra access control validations on a reverse proxy.https://nvd.nist.gov/vuln/detail/CVE-2023-31139
CVE-2023-31143mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have editor permissions. Version 0.8.72 contains a fix for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-31143
CVE-2023-32060DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to specific tracker program events or program stages, the `/trackedEntityInstances` and `/events` API endpoints may include all events regardless of the sharing settings applied to the category option combinations. When this specific configuration is present, users may have access to events which they should not be able to see based on the sharing settings of the category options. The events will not appear in the user interface for web-based Tracker Capture or Capture applications, but if the Android Capture App is used they will be displayed to the user. Versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0 contain a fix for this issue. No workaround is known.https://nvd.nist.gov/vuln/detail/CVE-2023-32060
CVE-2020-18280Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function.https://nvd.nist.gov/vuln/detail/CVE-2020-18280
CVE-2020-23362Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter.https://nvd.nist.gov/vuln/detail/CVE-2020-23362
CVE-2020-23363Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script.https://nvd.nist.gov/vuln/detail/CVE-2020-23363
CVE-2021-31240An issue found in libming v.0.4.8 allows a local attacker to execute arbitrary code via the parseSWF_IMPORTASSETS function in the parser.c file.https://nvd.nist.gov/vuln/detail/CVE-2021-31240
CVE-2021-31711Cross Site Scripting vulnerability found in Trippo ResponsiveFilemanager v.9.14.0 and before allows a remote attacker to execute arbitrary code via the sort_by parameter in the dialog.php file.https://nvd.nist.gov/vuln/detail/CVE-2021-31711
CVE-2023-30083Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the newVar_N in util/decompile.c.https://nvd.nist.gov/vuln/detail/CVE-2023-30083
CVE-2023-30084An issue found in libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the stackVal function in util/decompile.c.https://nvd.nist.gov/vuln/detail/CVE-2023-30084
CVE-2023-30085Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the cws2fws function in util/decompile.c.https://nvd.nist.gov/vuln/detail/CVE-2023-30085
CVE-2023-30086Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.https://nvd.nist.gov/vuln/detail/CVE-2023-30086
CVE-2023-30087Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c.https://nvd.nist.gov/vuln/detail/CVE-2023-30087
CVE-2023-30088An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c.https://nvd.nist.gov/vuln/detail/CVE-2023-30088
CVE-2023-31144Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.https://nvd.nist.gov/vuln/detail/CVE-2023-31144
CVE-2023-31476An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www).https://nvd.nist.gov/vuln/detail/CVE-2023-31476
CVE-2023-31489An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function.https://nvd.nist.gov/vuln/detail/CVE-2023-31489
CVE-2023-31490An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.https://nvd.nist.gov/vuln/detail/CVE-2023-31490
CVE-2023-31799Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-31799
CVE-2023-31800Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-31800
CVE-2023-31801Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-31801
CVE-2023-31802Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.https://nvd.nist.gov/vuln/detail/CVE-2023-31802
CVE-2023-31803Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters.https://nvd.nist.gov/vuln/detail/CVE-2023-31803
CVE-2023-31804Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters.https://nvd.nist.gov/vuln/detail/CVE-2023-31804
CVE-2023-31805Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function.https://nvd.nist.gov/vuln/detail/CVE-2023-31805
CVE-2023-31806Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function.https://nvd.nist.gov/vuln/detail/CVE-2023-31806
CVE-2023-31807Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function.https://nvd.nist.gov/vuln/detail/CVE-2023-31807
CVE-2023-32066Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then be executed in user browser on subsequent requests to week view. This issue is fixed in version 1.22.12.5783. As a workaround, use `htmlspecialchars` when calling `$field->setTitle` on line #245 in the `week.php` file, as happens in version 1.22.12.5783.https://nvd.nist.gov/vuln/detail/CVE-2023-32066
CVE-2023-32069XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched in XWiki 15.0-rc-1 and 14.10.4. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2023-32069
CVE-2023-32071XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. This has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8. The easiest possible workaround is to edit file `<xwiki app>/templates/importinline.vm` and apply the modification described in commit 28905f7f518cc6f21ea61fe37e9e1ed97ef36f01.https://nvd.nist.gov/vuln/detail/CVE-2023-32071
CVE-2023-20046A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user.\r\n\r There are workarounds that address this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-20046
CVE-2023-20098A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files.\r\n\r This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root.https://nvd.nist.gov/vuln/detail/CVE-2023-20098
CVE-2023-2609NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.https://nvd.nist.gov/vuln/detail/CVE-2023-2609
CVE-2023-31472An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.https://nvd.nist.gov/vuln/detail/CVE-2023-31472
CVE-2023-31474An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name.https://nvd.nist.gov/vuln/detail/CVE-2023-31474
CVE-2021-26354Insufficient bounds checking in ASP may allow an\nattacker to issue a system call from a compromised ABL which may cause\narbitrary memory values to be initialized to zero, potentially leading to a\nloss of integrity.\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-26354
CVE-2021-26356A TOCTOU in ASP bootloader may allow an attacker\nto tamper with the SPI ROM following data read to memory potentially resulting\nin S3 data corruption and information disclosure.\n\n\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-26356
CVE-2021-26365Certain size values in firmware binary headers\ncould trigger out of bounds reads during signature validation, leading to\ndenial of service or potentially limited leakage of information about\nout-of-bounds memory contents.\n\n\n\n\n\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-26365
CVE-2021-26371A compromised or malicious ABL or UApp could\nsend a SHA256 system call to the bootloader, which may result in exposure of\nASP memory to userspace, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-26371
CVE-2021-26379Insufficient input validation of mailbox data in the\nSMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially\nleading to a loss of integrity and privilege escalation.\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-26379
CVE-2021-26397Insufficient address validation, may allow an\nattacker with a compromised ABL and UApp to corrupt sensitive memory locations\npotentially resulting in a loss of integrity or availability.\n\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-26397
CVE-2021-26406Insufficient validation in parsing Owner's\nCertificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)\nand SEV-ES user application can lead to a host crash potentially resulting in\ndenial of service.\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-26406
CVE-2021-46749Insufficient bounds checking in ASP (AMD Secure\nProcessor) may allow for an out of bounds read in SMI (System Management\nInterface) mailbox checksum calculation triggering a data abort, resulting in a\npotential denial of service.\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46749
CVE-2021-46753Failure to validate the length fields of the ASP\n(AMD Secure Processor) sensor fusion hub headers may allow an attacker with a\nmalicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite\ndata structures leading to a potential loss of confidentiality and integrity.\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46753
CVE-2021-46762Insufficient input validation in the SMU may\nallow an attacker to corrupt SMU SRAM potentially leading to a loss of\nintegrity or denial of service.\n\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46762
CVE-2021-46763Insufficient input validation in the SMU may\nenable a privileged attacker to write beyond the intended bounds of a shared\nmemory buffer potentially leading to a loss of integrity.\n\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46763
CVE-2021-46764Improper validation of DRAM addresses in SMU may\nallow an attacker to overwrite sensitive memory locations within the ASP\npotentially resulting in a denial of service.\n\n\n\n\n\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46764
CVE-2021-46769Insufficient syscall input validation in the ASP\nBootloader may allow a privileged attacker to execute arbitrary DMA copies,\nwhich can lead to code execution. \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46769
CVE-2021-46775Improper input validation in ABL may enable an\nattacker with physical access, to perform arbitrary memory overwrites,\npotentially leading to a loss of integrity and code execution.\n\n\n\n \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46775
CVE-2022-23818Insufficient input validation on the model\nspecific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest\nmemory integrity.\n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23818
CVE-2023-20520Improper access control settings in ASP\nBootloader may allow an attacker to corrupt the return address causing a\nstack-based buffer overrun potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-20520
CVE-2023-20524An attacker with a compromised ASP could\npossibly send malformed commands to an ASP on another CPU, resulting in an out\nof bounds write, potentially leading to a loss a loss of integrity.\n\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-20524
CVE-2021-46754Insufficient input validation in the ASP (AMD\nSecure Processor) bootloader may allow an attacker with a compromised Uapp or\nABL to coerce the bootloader into exposing sensitive information to the SMU\n(System Management Unit) resulting in a potential loss of confidentiality and\nintegrity.\n\n\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46754
CVE-2021-46755Failure to unmap certain SysHub mappings in\nerror paths of the ASP (AMD Secure Processor) bootloader may allow an attacker\nwith a malicious bootloader to exhaust the SysHub resources resulting in a\npotential denial of service.\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46755
CVE-2021-46756Insufficient validation of inputs in\nSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an\nattacker with a malicious Uapp or ABL to send malformed or invalid syscall to\nthe bootloader resulting in a potential denial of service and loss of\nintegrity.\n\n\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46756
CVE-2021-46759Improper syscall input validation in AMD TEE\n(Trusted Execution Environment) may allow an attacker with physical access and\ncontrol of a Uapp that runs under the bootloader to reveal the contents of the\nASP (AMD Secure Processor) bootloader accessible memory to a serial port,\nresulting in a potential loss of integrity.\n\n\n\n\n\n\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46759
CVE-2021-46760A malicious or compromised UApp or ABL can send\na malformed system call to the bootloader, which may result in an out-of-bounds\nmemory access that may potentially lead to an attacker leaking sensitive\ninformation or achieving code execution.\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46760
CVE-2021-46765Insufficient input validation in ASP may allow\nan attacker with a compromised SMM to induce out-of-bounds memory reads within\nthe ASP, potentially leading to a denial of service.\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46765
CVE-2021-46773Insufficient input validation in ABL may enable\na privileged attacker to corrupt ASP memory, potentially resulting in a loss of\nintegrity or code execution.\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46773
CVE-2021-46792Time-of-check Time-of-use (TOCTOU) in the\nBIOS2PSP command may allow an attacker with a malicious BIOS to create a race\ncondition causing the ASP bootloader to perform out-of-bounds SRAM reads upon\nan S3 resume event potentially leading to a denial of service.\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46792
CVE-2021-46794Insufficient bounds checking in ASP (AMD Secure\nProcessor) may allow for an out of bounds read in SMI (System Management\nInterface) mailbox checksum calculation triggering a data abort, resulting in a\npotential denial of service.\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46794
CVE-2023-30056A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie.https://nvd.nist.gov/vuln/detail/CVE-2023-30056
CVE-2023-30057Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-30057
CVE-2023-28125An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass.https://nvd.nist.gov/vuln/detail/CVE-2023-28125
CVE-2023-28126An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message.https://nvd.nist.gov/vuln/detail/CVE-2023-28126
CVE-2023-28127A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.https://nvd.nist.gov/vuln/detail/CVE-2023-28127
CVE-2023-28128An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.https://nvd.nist.gov/vuln/detail/CVE-2023-28128
CVE-2023-28316A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled.https://nvd.nist.gov/vuln/detail/CVE-2023-28316
CVE-2023-28317A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order.https://nvd.nist.gov/vuln/detail/CVE-2023-28317
CVE-2023-28318A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices.https://nvd.nist.gov/vuln/detail/CVE-2023-28318
CVE-2023-2156A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.https://nvd.nist.gov/vuln/detail/CVE-2023-2156
CVE-2023-2610Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.https://nvd.nist.gov/vuln/detail/CVE-2023-2610
CVE-2023-31478An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key.https://nvd.nist.gov/vuln/detail/CVE-2023-31478
Tags
Bulletins
Share